New technologies — and artificial intelligence (AI), in particular — offer enhancements and efficiencies that make our lives easier. Chatbots can quickly connect us to the solutions we need and software automation can reduce 20 minutes of work to two minutes. But these same tools can also make it easier for criminals and fraudsters to take advantage of people and companies, especially when they’re not used to the kinds of attacks this tech can enable. From AI-powered phishing schemes and deepfakes to the potency of automated malware and hacking tools, the threats are diverse and evolving.
The rise of AI in cybersecurity presents both challenges and opportunities. And with the evolving changes in today’s technology, integrating cybersecurity into corporate policies is essential for mitigating risks, ensuring compliance, preserving business continuity and safeguarding both company assets and stakeholders’ interests. By understanding the latest trends and adopting proactive measures, individuals and corporate entities can take control of their security and help keep their data safe while online.
AI-Powered Phishing and Social Engineering
Phishing is nothing new. People are tricked into divulging sensitive information, such as passwords or financial details, by fraudsters posing as a trustworthy person or organization through email, text messages or websites. Phishing attacks have evolved alongside technology and human instinct, keeping ahead of our preconceptions to be successful.
The introduction of AI has opened the door to a whole new class of phishing attacks. Generative AI programs make it easier to reproduce the writing style of a person or business we trust, which can make us more trusting that a message is legitimate. These tools can also analyze online behavior to better disguise themselves to blend in with what you normally do online. Chatbots can engage in realistic conversations, making it more likely you will reveal sensitive information to someone you believe is trustworthy.
The best way to protect sensitive information is simply to slow down and think critically about your digital interactions. Phishing attacks prey on our instinct to act quickly — whether it is to log into your bank account after receiving a concerning message or to respond to a request for sensitive information from your boss. To help safeguard yourself from a potential phishing attempt, be sure to check all correspondences you receive for spelling errors, grammatical mistakes and odd requests. For example, your bank will never ask you to reveal your account information or Social Security Number via email or text. If something seems strange, it’s best to trust your gut.
Deepfakes and Synthetic Identities
AI’s power is not limited to generating more realistic messages and chats. One of its biggest cyber threats is the ability to generate deepfakes – i.e. fake videos, pictures or even voice recordings made by a computer that seem remarkably real. People have generated deepfake videos of world leaders, synthesized voice recordings to sound like U.S. presidents and generated fake images of celebrities.
Deepfakes are troubling from a cybersecurity perspective due to how easily imposters can pretend to be a senior leader of a business, a member of law enforcement or even your parent or child. Criminals can replicate the voice of a loved one or work associate, asking for sensitive personal information. In other instances, fraudsters can create entirely new personas (a twist on the classic “catfishing” approach) to attempt to swindle people or companies out of money.
Automated Malware and Hacking Tools
Automated malware and hacking tools turbocharge what cybercriminals have relied on to commit their crimes for decades. AI makes it easier to automatically create and deploy malicious software, given its software coding prowess. This empowers attackers to execute large-scale campaigns on personal and corporate computer networks. AI can not only build and deploy attacks; it can also uncover system vulnerability scanning and exploits in seconds.
For instance, AI-driven ransomware can identify specific vulnerabilities in a wide range of systems more quickly than preexisting tools. This makes it hard for individuals and networks to keep up, as humans cannot work as quickly as AI-enabled tools can. When a vulnerability is exploited, cyber criminals can steal sensitive information, such as bank account details, Social Security numbers and more.
It is more important than ever to remain proactive with your cybersecurity. Update your software and operating systems regularly with the latest security patches, use robust passwords and activate two-factor authentication. Keep work and personal files separate to help create a buffer between systems. It is important to note that if you think your information or computer has been compromised, reach out to your IT team for immediate assistance.
Credential Stuffing Attacks
Credential stuffing attacks happen when cybercriminals know one of your passwords and attempt to use it elsewhere — hoping you reuse passwords across several sites. AI-powered machine learning algorithms can test vast sets of stolen credentials across multiple websites at once, gaining access to those sites if you reuse your passwords. The security measures that sites have in place to detect unusual account activity have a hard time keeping up with these systems, making it more likely to become compromised without knowing it.
The best defense against credential stuffing is to never reuse passwords on accounts. It can be difficult to remember multiple unique passwords, but password managers can help keep them straight for you — and even suggest new, complex passwords when you need one. Changing passwords regularly can also help, alongside using multi-factor authentication whenever possible. Monitor your accounts for suspicious login attempts or from unusual locations as well.
As we embrace the conveniences AI offers, the cybersecurity challenges that come with it demand our attention. Slow down, scrutinize digital interactions and remain diligent — all the same pieces of advice that come with computing (and banking) in the modern era.
Lance Spencer is the Senior Vice President and Chief Information Security Officer at Northwest Bank.