A jointly developed new report by Europol, the United Nations Interregional Crime and Justice Research Institute (UNICRI) and Trend Micro concludes that cybercriminals will leverage artificial intelligence (AI) both as an attack vector and an attack surface.
The report provides law enforcers, policymakers and other organizations with information on existing and potential attacks leveraging AI and recommendations on how to mitigate these risks.
“AI promises the world greater efficiency, automation and autonomy. At a time where the public is getting increasingly concerned about the possible misuse of AI, we have to be transparent about the threats, but also look into the potential benefits from AI technology.” said Edvardas Šileris, Head of Europol’s European Cybercrime Centre. “This report will help us not only to anticipate possible malicious uses and abuses of AI, but also to prevent and mitigate those threats proactively. This is how we can unlock the potential AI holds and benefit from the positive use of AI systems.”
Deep fakes are currently the best-known use of AI as an attack vector. However, the report warns that new screening technology will be needed in the future to mitigate the risk of disinformation campaigns and extortion, as well as threats that target AI data sets.
For example, AI could be used to support convincing social engineering attacks at scale, document-scraping malware to make attacks more efficient;, evasion of image recognition and voice biometrics, ransomware attacks through intelligent targeting and evasion, and data pollution by identifying blind spots in detection rules.
“As AI applications start to make a major real-world impact, it’s becoming clear that this will be a fundamental technology for our future,” said Irakli Beridze, Head of the Centre for AI and Robotics at UNICRI. “However, just as the benefits to society of AI are very real, so is the threat of malicious use.”
The paper also warns that AI systems are being developed to enhance the effectiveness of malware and to disrupt anti-malware and facial recognition systems.
“Cybercriminals have always been early adopters of the latest technology and AI is no different. As this report reveals, it is already being used for password guessing, CAPTCHA-breaking and voice cloning, and there are many more malicious innovations in the works,” said Martin Roesler, head of forward-looking threat research at Trend Micro.
The three organizations are calling for a de-escalation in politically loaded rhetoric on the use of AI for cybersecurity purposes. They also recommend that the potential of AI is harnessed as a crime-fighting tool to future-proof the cybersecurity industry and policing. They want to see research continued to stimulate the development of defensive technology and secure AI design frameworks, and for public-private partnerships to be leveraged as well as the creation of multidisciplinary expert groups.