The U.K.’s National Cyber Security Centre (NCSC) has recently published a study shedding light on the potential risks presented by generative artificial intelligence (AI) in the realm of cyber threats, particularly regarding ransomware. The report indicates that while generative AI holds great potential, it will primarily enhance existing threats rather than introduce entirely new ones. According to the NCSC, threat actors will require extensive expertise in both AI and cyber, quality training data, and sufficient resources to leverage generative AI, a capability not expected to emerge until 2025.
NCSC CEO Lindy Cameron emphasized the need to both harness the vast potential of AI and effectively manage the associated risks, particularly in the cyber threat landscape. The study categorized threats based on their potential to be uplifted by generative AI, taking into consideration various types of threat actors, including nation-state-sponsored actors, well-organized groups, and less skilled or opportunistic attackers.
Although the report found that generative AI is not likely to introduce entirely new threats, it detailed how the technology could uplift existing cyber attacks. Ransomware, for instance, is anticipated to remain a popular form of cybercrime. The NCSC highlighted that just as attackers offer ransomware-as-a-service, they have now begun offering generative AI-as-a-service as well. This lowers the barrier to entry for cyber criminals and enhances their capabilities, thereby improving the scale, speed, and effectiveness of their attacks.
The study revealed that ransomware actors are already utilizing generative AI for activities such as reconnaissance, phishing, and coding. This trend is predicted to persist well beyond 2025. One significant area likely to see an uplift in attacks as a result of generative AI is social engineering. For instance, generative AI can eliminate spelling and grammar errors that often serve as indicators of spam messages, making it more challenging for individuals to discern malicious content.
Moreover, generative AI can be leveraged by threat actors to enhance phishing attacks and gain access to accounts or password information. However, the report noted that advanced threat actors are more likely to possess the capabilities required to employ generative AI for malware creation. These actors would need to train generative AI models using substantial amounts of high-quality exploit data to bypass existing security filters. Currently, only nation-state actors are believed to have access to such data, but the report acknowledged the possibility of other repositories existing.
One potential consequence of the increasing adoption of generative AI is that network managers may find it more challenging to patch vulnerabilities before they can be exploited. Generative AI has the potential to speed up the timeframe between vulnerability identification and exploitation.
Nevertheless, the NCSC highlighted that defenders can also leverage generative AI to their advantage. It enables them to identify patterns quickly, expedite attack detection or triage, and efficiently identify malicious emails and phishing campaigns.
To strengthen global defenses against generative AI-enabled attacks, the U.K. facilitated the creation of the Bletchley Declaration in November 2023. This declaration provides guidelines for addressing AI risks proactively. Additionally, the NCSC and select private industry organizations in the U.K. have embraced AI to enhance threat detection and prioritize security-by-design through the Cyber Security Strategy, which secured £2.6 billion ($3.3 billion) in funding in 2022.
In conclusion, the NCSC’s study highlights the potential risks associated with generative AI in the realm of cyber threats, particularly ransomware. While generative AI is projected to uplift existing threats rather than introduce wholly new ones, cyber criminals are increasingly adopting this technology, thereby enhancing the scale, speed, and effectiveness of their attacks. As the cybersecurity landscape evolves, defenders must leverage generative AI to detect and counter these emerging threats effectively. By doing so, they can strengthen global defenses against AI-enabled cyber attacks.
