Artificial intelligence will shape future cyberattacks

AI and different kinds of machine learning models can improve the cyber security monitoring of organisations, but they can also enable new types of attacks reveals a new report prepared by the National Cyber Security Centre Finland (NCSC-FI) at Traficom and the National Emergency Supply Agency (NESA). The report published today is the second part of a project on AI and cyber security implemented by Traficom and NESA and funded by NESA’s Digital Security 2030 programme. 

AI enables new attack methods. AI models are able to automate both spear-phishing attacks and vulnerability discovery better than before. Social engineering and impersonation attacks supported by AI have also occurred. These include various deepfakes in which attackers aim to generate believable video or audio material created by deep learning models.

The current rapid progress in AI research coupled with the numerous new applications it enables give reason to believe that AI techniques will soon be used to support cyberattacks. The idea of AI-enabled cyberattacks has recently gained increased attention from both academia and industry. Even if AI will not quite yet result in completely new types of attacks, we are continuously gaining more information about how AI could be used to enhance cyberattacks.

− In the digital world, change is constant and rapid. We must keep up with technological advances and anticipate the threats they pose to be better able to ensure the digital security of the key functions of society. AI and machine learning are future technologies that enable us to develop new digital services. At the same time, they also open up new opportunities for cyber criminals. The current report helps us anticipate those new threats, says Juha Ilkka from the National Emergency Supply Agency, manager of the Digital Security 2030 programme.

In the near future, the rapid advances in AI are likely to enhance and create better opportunities for the automation of attacks, social engineering and information gathering. Over the years, AI technologies, skills and tools will become more available and affordable, incentivising attackers to make use of AI-enabled cyberattacks.

− If it is already possible to have a conversation with AI, soon online scams may be carried out by AI working for criminals. Over the years, AI technologies, skills and tools will become more easily available, incentivising attackers to make use of AI to perpetrate cyberattacks. Even if AI will not lead to completely new types of attacks in the near future, it can be used to increase the scale of cyber threats. Cyber interference may also be directed at new targets if automation makes attacks independent of the time invested by cyber criminals, says Deputy Director-General Sauli Pahlman from NCSC-FI at Traficom.

More information on NCSC-FI website

The security threat of AI-enabled cyberattacks, report from 2022, in English