Beautiful Virgin Islands

Thursday, Jul 25, 2024

AI is making scams harder to detect, but cyber firms are fighting back

AI is making scams harder to detect, but cyber firms are fighting back

Generative AI is allowing scammers to mimic voices, write more sophisticated phishing emails, and create malware, but cybersecurity firms are fighting back with AI themselves.

Generative artificial intelligence (AI) poses a slew of cybersecurity risks, particularly in social engineering scams that are prevalent in Hong Kong, according to a cybersecurity firm that is also deploying AI to counter the threat.

The emergence of advanced generative AI tools such as ChatGPT will enable certain types of scams to become more common and effective, said Kim-Hock Leow, Asia CEO of Wizlynx Group, a Switzerland-based cybersecurity services company.

“We can see that AI voice and video mimicking continues to seem more genuine, and we know that it can be used by actors looking to gain footholds in a company’s information and cybersecurity [systems],” he said.

Social engineering like those conducted over the phone or through phishing emails are designed to fool victims into believing they are conversing with an authentic person on the other end.

In Hong Kong, scams conducted through online chats, phone calls and text messages have swindled people out of HK$4.8 billion (US$611.5 million). AI-generated audio, video and text are making these types of scams even harder to detect.

In one example from 2020, a Hong Kong-based manager at a Japanese bank was fooled by deepfake audio mimicking his director’s voice into authorising a transfer request for US$35 million, according to a court document first reported by Forbes.

The scammers ultimately made off with US$400,000, as the manager also believed he had emails in his inbox confirming the director’s request.

Just a year earlier, a similar scam led a British energy company to wire US$240,000 to an account in Hungary.

Governments are starting to wake up to the new threat. In February, Beijing’s municipal public security bureau warned in a statement on WeChat that “villains” may use generative AI to “commit crimes and spread rumours”.

In March, the US Federal Trade Commission issued a warning about scammers weaponising AI-cloned voices to impersonate people, adding that all they need is a short audio clip of the person’s voice from online.

A much likelier scenario than AI audio or video, however, is AI-generated text used in phishing emails, according to Leow.

“Everyone gets phishing attacks, but they are sometimes easily detectable due to the length, typos, or because they lack relevant context to you and your job,” he said. “But now, cybercriminals can use new AI language models to increase the sophistication of their phishing emails.”

Banknotes seized as part of scam involving phishing messages sent to Hong Kong residents are seen at police headquarters in Wan Chai. Experts warn that phishing scams could become more sophisticated through the use of AI.


One way this might work is by using a tool like ChatGPT to clean up and professionalise the language of a message. This can include quickly conducting background research on an entity or industry for added contextual information to personalise phishing emails, Leow explained.

Wizlynx, whose clients include finance companies and government-affiliated entities in Hong Kong, and companies like it are now deploying ChatGPT themselves to better fight these more sophisticated scams.

Tactics include using the chatbot to generate phishing emails for training purposes. Wizlynx is also using it to identify vulnerabilities and conduct research on cybersecurity systems.

“Based on the knowledge and data that AI can gather and generate over time, cybersecurity professionals can use it to get more accurate identification of a security system’s risk and vulnerability areas,” Leow said.

“We have to encourage cybersecurity professionals and other industries to make use of ChatGPT itself to improve defences,” he added. “In a way, it is a double-edged sword that will be used for both cybersecurity and cybercrime.”

Some of the threats cybersecurity firms point to remain hypothetical for now. Digitpol, a global provider of digital risk solutions, has warned that AI models can be trained to bypass security filters and detection signatures by quickly writing malware and malicious code.

Leow said he is unsure if AI-generated malware has been used in recent attacks, but noted that currently available security measures can only minimise the risk of these highly sophisticated threats.

“We will have to hope that the owners of ChatGPT and other generative AI models will do everything they can to minimise the chances of abuse by bad actors,” he said.

The terms of service from ChatGPT creator OpenAI prohibit the use of its technology for illicit purposes. The company also has technical solutions in place, but there is a risk that bad actors could bypass ChatGPT’s filters, according to Leow.

Dark web forum posts identified in a January report from Check Point Research indicated that cybercriminals have figured out how to manipulate ChatGPT into producing basic but viable malware.

OpenAI did not respond to a request for comment.

Cybercrime is expected to cost US$8 trillion globally this year in damages that include stolen funds, property loss and reduced productivity, according to a report from Cybersecurity Ventures.

The losses would be larger than the gross domestic product of every country except the US and China.

In the face of this threat, cybersecurity experts will continue to evolve in what is becoming an AI arms race, according to David Fairman, Asia-Pacific chief information officer for Netskope, who previously held top security roles at global banks including Royal Bank of Canada and JPMorgan Chase.

“In the coming years and months, we will see security teams effectively embracing AI to improve threat identification and automate much of the defence process,” he said. “AI is commonly used in many of the latest cybersecurity products that are used by security teams today, and we will see this continue to evolve.”

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
Olaf Scholz to Run for German Chancellor Again in 2025
TikTok Fined by UK Regulator for Child Safety Data Reporting Failures
Miracle Baby Born After Gaza Airstrike
Global Tech Outage Caused by Bug in CrowdStrike's Software
Ukrainian FM Open to Peace Talks with Russia, China Reports
EU to Transfer Interest from Frozen Russian Funds to Ukraine
Greenpeace Co-Founder Paul Watson Arrested in Greenland
EU Relocates Summit to Punish Hungary over Orban's Ukraine Visit
Netanyahu Seeks Meeting with Trump During Washington Visit
World's Hottest Day Recorded on July 21
UK Labour Government To Halt Migrant Housing on Accommodation Barge
President Biden Returns to White House After Testing COVID Negative
Trump Says Kamala Harris Would Be Easier Election Opponent Than Biden
Thousands Protest in Mallorca Against Mass Tourism
Immigration Crackdown Targets Car Washes and Beauty Sector
Nigeria's Controversial Return to Colonial-Era National Anthem
Hacking Vulnerabilities: Androids vs. iPhones
Ukraine Crisis Should Be EU's Responsibility, Says Trump’s Envoy
A Week of Turmoil: Key Moments in US Politics
Barrow's Sacred Heart Primary School Faces Long-Term Closure
German National Sentenced to Death in Belarus
Elon Musk's Companies Drop CrowdStrike After Global Windows 10 Outage
US Advises India on Russian Ties Amid Geopolitical Shifts
Trump Pledges to End Ukraine Conflict if Reelected
Global IT Outage Unveils Digital Vulnerabilities
Global IT Outage Sparks Questions About Financial Accountability
CrowdStrike Bug Affects 8.5 Million Windows Devices
Flights Resume After Major Microsoft Outage
US Criticizes International Court's Opinion on Israeli Occupation
CrowdStrike Update Causes Global IT Outage Due to Skipped Quality Checks
EU’s Patronizing Attitude Towards Africa Revealed
Netanyahu Denounces World Court Ruling on Israeli Occupation
Adidas Drops Bella Hadid Over Controversy
Global Outage Caused by CrowdStrike Update Impacts Millions
Massive Flight Cancellations Across the U.S. Due to Microsoft Outage
Global Windows Outage Causes Chaos Across Banks, Airlines, and More
Russia Accuses Ukraine of Using Chemical Weapons
UK's Flawed COVID-19 Planning Exposed by Inquiry
Ursula von der Leyen Wins Second Term as European Commission President
Police Officer Injured in Attack in Central Paris
Hulk Hogan absolutely tore it up at the RNC.
Paris is being "cleansed" of migrants and homeless people ahead of the Olympics.
Lamine Yamal arriving at his school after winning the Euros
Campaigners Urge UK Government to Block Shein's London IPO
UK Labour Government's Legislative Agenda
UK Labour Government to Regulate Powerful AI Models
Record Heat Temperatures in Ukraine Amid Power Crisis
UK Government Plans to Remove 92 Hereditary Peers from House of Lords
King Charles III Delivers Labour Government's First King's Speech
Officials Remove 'Disastrous' Label from Liz Truss's Mini-Budget
×