Unraveling the Dual Nature of Artificial Intelligence in Cyber Threats - VMRay

AI at the Forefront:  
The Dual Nature of Artificial Intelligence in Cyber Threats

Q3 – 2023

Explore the intersection of AI and cybersecurity threats. From AI-generated phishing emails to acoustic analysis decoding keystrokes, uncover evolving risks.

Table of Contents

The advent of Artificial Intelligence (AI) has heralded groundbreaking advancements across diverse sectors, but it has also become a double-edged sword, offering new avenues for cyber threats. This chapter delves into the notable developments and exploits of AI in the cyber threat landscape. As AI technologies evolve, so do the tactics of malicious actors, who leverage advanced AI tools to orchestrate more potent and harmful cyber attacks. From the emergence of harmful AI models like “Evil-GPT,” capable of generating sophisticated phishing emails, to alarming advancements like acoustic analysis for keystroke decoding, the chapter explores the dark side of AI, shedding light on the intensification of cyber threats.

 

The emergence of Artificial Intelligence (AI) has led to remarkable progress in various domains, but it has also opened new avenues for threats. The misuse of AI technologies is becoming an increasing worry, as malicious entities utilize advanced AI tools to execute more potent and harmful attacks.

The Emergence of ‘Evil-GPT’ in Crafting Deceptive Cyber Threats

An example of this is the development of “Evil-GPT” -a harmful variant of the GPT-3 model- crafted to produce phishing emails, harmful domains, and additional cyber threats. 

This tool, along with FraudGPT mentioned in our previous threat landscape report, illustrates the ways AI can be twisted to fabricate more believable and specific cyber-attacks, generating worries about the potential intensification in the scope and severity of upcoming threats.

Acoustic Threats: Keystroke Decoding at 95% Accuracy with Deep Learning Models

Another disturbing advancement is the formulation of a deep learning model that can decode keystrokes with an astonishing 95% accuracy through acoustic analysis. Researchers have created a model capable of recording keystrokes via a microphone and forecasting the inputted information, creating serious data security risks.

This technique maintains its effectiveness even when training the sound classification algorithm via Zoom, achieving a prediction accuracy of 93%. The prevalence of high-quality microphone-equipped devices and progress in machine learning have facilitated easier and more perilous acoustic attacks, allowing attackers to snatch sensitive data like passwords and messages effortlessly.

WiFi Positioning Attacks: That Can Decipher Numeric Passwords on Smartphones with Up to 90% Accuracy

Beyond acoustic analysis, machine learning has been employed to infer PIN entries on smartphones via WiFi positioning. A novel attack, termed ‘WiKI-Eve,’ can capture the plaintext transmissions of smartphones connected to contemporary WiFi routers and interpret individual numeric keystrokes with up to 90% accuracy, enabling the theft of numerical passwords.

This attack manipulates the beamforming feedback information (BFI) feature in WiFi, transmitting position feedback in plaintext, leaving it vulnerable to capture. This technique can decode 6-digit numerical passwords with 85% accuracy and intricate app passwords with around 66% accuracy, highlighting the urgency for improved security protocols in WiFi access points and mobile applications.

Voice and Face Replication

What seemed like the realm of science fiction is increasingly manifesting as reality: attackers are replicating voices and faces to exploit social trust. In one case, as mentioned earlier, attackers successfully mimicked the voice of an IT worker to infiltrate systems.

These AI advancements and misuses emphasize the dynamic and complex nature of cyber threats. The incorporation of AI in malicious endeavors is poised to persist, requiring the creation of sturdy security solutions and increased vigilance to counter the risks associated with these novel threats. The misuse of AI technologies not only amplifies the abilities of attackers but also indicates the possibility of more advanced and unparalleled cyber-attacks in the future.

Home: 
VMRay Malware & Phishing Threat Landscape – Q3/2023

Next Chapter: 
The evolution of supply chain attacks

See VMRay in action.
Secure your organization against the emerging and evolving threats.

Further resources

WEBINAR

Key forces shaping the future of security automation

Watch the full recording from the our webinar featuring Forrester

INTEGRATIONS

Explore VMRay’s seamless integrations

Explore all security automation use cases that help you can benefit.

SOLUTION BRIEF

VMRay Professional Services

Learn how VMRay supports deployment, configurations, integrations & more.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator