Experts Warn: IT Development and AI May Help Hackers

News

With the rapid emergence of generative artificial intelligence (AI) and a worldwide hacking binge, 2024 is shaping up to be a total nightmare, according to a U.S. magazine studying technology and its consequences on society.

August 11, 2023

 The San Francisco-based Wired magazine stressed in its recent analysis that the focus will be on "a rise in personalized disinformation," not only thanks to "tools like ChatGPT and Google’s Bard, but the disinformation will likely be more effective, and even tailored to target specific groups with frightening consequences."

Aside from disinformation, individuals are always devising new ways to circumvent the safeguards put in place by generative AI technologies to prevent unwanted activity.

Although AI may be the new frontier for security experts, the magazine cautions that even traditional Open Innovation platforms, which are supposed to facilitate innovation by offering a shared platform for collaboration and development, are riddled with horrible vulnerabilities.

The most recent issue is an "adversarial attack," which, as researchers at Carnegie Mellon University discovered, can be carried out simply by appending a string of nonsense-looking instructions to the end of specific prompts typed into services like ChatGPT, according to Wired.

It stresses that "while it’s possible to block specific attack strings, nobody yet knows how to fix this flaw entirely."

Some cybersecurity vulnerabilities, according to Wired, may be addressed with new rules, but the U.S. Congress has yet to figure out how to address privacy, so "regulating AI will only be more difficult."

The magazine also referenced Halcyon, a security firm whose investigation discovered a cloud corporation that has offered server space to at least 17 state-sponsored hacking groups from nations such as China, Russia, and North Korea.

"The firm, Cloudzy, also provided its cloud storage to state-backed hackers from Iran, India, Pakistan, and Vietnam, as well as two ransomware groups," according to Halcyon’s research.

Another sign that hackers are getting ready is a Microsoft Threat Intelligence alert issued last week "after identifying highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor" known as Midnight Blizzard – previously known as NOBELIUM – a Russia-based group known as the Foreign Intelligence Service of the Russian Federation.

The group reportedly conducted "highly targeted" phishing attacks via the company’s Teams platform, using previously compromised Microsoft 365 accounts "owned by small businesses" to create domains that were then used to dupe their targets via Microsoft Teams messages "by engaging a user and eliciting approval of multifactor authentication (MFA) prompts."

NOBELIUM is thought to be responsible for the most significant cyber intrusions of both U.S. government and non-governmental networks in December 2020.