2023 Cyber Landscape: Watch Out for AI, Quantum, Data Risks

In the dynamic realm of cybersecurity, the continuous battle against hackers and fraudsters persists as threats evolve. Foremost among these impending challenges are the innovative strategies being observed.

During the summer of 2023, Microsoft Teams users received reports of a Russian hacker group utilizing the platform for phishing attacks, a creative twist on a well-known tactic. Microsoft Threat Intelligence disclosed that these hackers, known as Midnight Blizzard, employed Microsoft 365 tenants from previously compromised small businesses to execute new social engineering assaults.

Threats undergo perpetual transformation as malicious actors access new technologies or devise fresh methods to exploit familiar weaknesses. Mark Ruchie, Chief Information Security Officer (CISO) at Entrust, aptly describes this as a constant "cat and mouse game."

Phishing endures as the most prevalent form of attack, evidenced by the 2023 Comcast Business Cybersecurity Threat Report, which reveals that nine out of ten attempts to breach customer networks commenced with phishing.

The frequency and speed of attacks have surged, resulting in amplified costs for victims. According to the 2022 Official Cybercrimes Report by Cybersecurity Ventures, the expenses associated with cybercrime are estimated to soar from $3 trillion in 2015 to a projected $10.5 trillion by 2025.

Simultaneously, security leaders note the emergence of fresh variations on established attack methods, exemplified by the maneuvers of Midnight Blizzard (also recognized by aliases APT29, Cozy Bear, and NOBELIUM). Novel strategies such as data poisoning, SEO poisoning, and the involvement of AI-enabled threat actors present burgeoning challenges for Chief Information Security Officers (CISOs).

As Andreas Wuchner, field CISO for Panaseer, and a member of its advisory board, points out, taking on the role of a CISO means engaging in a perpetual race against an ever-evolving landscape of threats, demanding constant vigilance and adaptation.

Attacks powered by AI and generative AI

Advanced threats arising from the rapid advancement and widespread use of artificial intelligence (AI) stand out as some of the most concerning developments, experts reveal. Security professionals note that hackers are adopting AI at a rate that often matches or exceeds the pace of enterprise technology teams.

The potential for AI-enabled attacks was foreseen. A Forrester Research report from 2019 indicated that 80% of cybersecurity decision-makers anticipated AI's capability to escalate the scale and speed of attacks. Sixty-six percent also foresaw AI being used for attacks beyond human conception.

This foresight has materialized, as some experts affirm. They highlight that organizations are struggling to combat AI-driven cyber threats. They expect these threats to intensify as AI methodologies advance and AI expertise becomes more accessible.

A December 2022 report from the Finnish Transport and Communications Agency, in collaboration with WithSecure, underscores that hackers are leveraging AI to analyze attack patterns, thereby increasing their chances of success. Furthermore, AI is enabling hackers to magnify the speed, scale, and range of their malicious activities.

Cybersecurity leaders emphasize the emerging threats associated with AI, particularly generative AI. Hackers are utilizing generative AI to craft malware and create deceptive phishing and smishing messages that convincingly mimic the language, tone, and appearance of legitimate communications. This sophisticated mimicry reduces the typical tell-tale signs that identify such messages as malicious.

The expanding capabilities of generative AI not only enhance hackers' swiftness and sophistication but also broaden their outreach, enabling the creation of phishing campaigns in various languages, even those with limited attack attempts due to the complexity of the language or its infrequent use by non-native speakers.

Anticipations persist that hackers will exploit deepfake technology to impersonate notable individuals, potentially causing misinformation and deception. The use of deepfake images of Ukrainian President Volodymyr Zelensky is cited as evidence of the technology's misuse for deceitful ends.

The Finnish report paints a sobering picture of the future, projecting that swift advancements in AI will empower attackers to automate, conceal, engage in social engineering, and gather information more effectively, ultimately rendering conventional cyberattacks outdated. This progression is likely to make AI tools more accessible and affordable, enticing even less skilled attackers to utilize AI-enabled cyber threats in the coming years.

Taking control of corporate AI systems

In a related context, certain security experts suggest a potential scenario where hackers might exploit an organization's own chatbots. Just like more typical attack situations, assailants might attempt to breach the chatbot systems to pilfer data contained within or utilize them to access more valuable systems.

However, what's notably distinctive is the prospect of hackers reusing compromised chatbots as channels to disseminate malware or engage with various entities such as customers, employees, or other systems in harmful ways. Matt Landers, a security engineer at OccamSec, highlights this intriguing development.

Similar cautions have recently surfaced from Voyager18, a cyber risk research team, and security software company Vulcan. They released a June 2023 advisory outlining how hackers could employ generative AI, including ChatGTP, to introduce harmful elements into developers' environments.

Wuchner emphasizes that the realm of AI-generated threats extends further. He suggests that organizations might encounter issues where errors, vulnerabilities, and malicious code enter their systems as more non-IT personnel, particularly using generative AI, create code for rapid deployment.

"Studies highlight the ease of crafting scripts with AI, but relying on these technologies introduces unforeseen elements into organizations," Wuchner notes.

Advanced computing using quantum mechanics: Quantum computing.

In December 2022, the United States officially put in place the Quantum Computing Cybersecurity Preparedness Act. This law aims to safeguard federal government systems and data from potential cyberattacks powered by quantum technology, as the field continues to progress.

In June 2023, the European Policy Centre urged European officials to brace for what they've termed as Q-Day, an event anticipated to mark the onset of quantum cyberattacks.

Experts predict that within the next five to 10 years, quantum computing might advance enough to potentially break today's cryptographic algorithms. Such advancements could render digital information protected by current encryption methods susceptible to cyber threats.

"There's a certainty that quantum computing will impact us within three to 10 years, but the full extent of its effects remains uncertain," says Ruchie. What's more concerning is the potential for malicious actors to exploit quantum computing or combine it with AI to generate new threats.

Manipulation of Data and Search Engine Optimization (SEO)

Rony Thakur, an associate professor at the University of Maryland Global Campus' School of Cybersecurity and IT, points out the emergence of a new threat: data poisoning. This involves attackers manipulating or corrupting the data used to train machine learning and deep-learning models. Their methods can vary, and this attack—also known as model poisoning—aims to impact the accuracy of AI's decision-making processes.

As Thakur explains, "By poisoning the data, you can manipulate algorithms." Both insiders and external threats can execute data poisoning, a sophisticated attack that many organizations struggle to detect. While large-scale incidents haven't been widely reported, researchers have demonstrated the potential for hackers to carry out such attacks.

Additionally, there's another form of threat known as search engine optimization (SEO) poisoning. This primarily involves manipulating search engine rankings to lead users to malicious websites, where malware can be installed on their devices. The Info-Tech Research Group highlighted the growing danger of SEO poisoning in their June 2023 Threat Landscape Briefing.

Readying for Future Developments

Looking ahead, the majority of Chief Information Security Officers (CISOs) foresee a shifting landscape of cyber risks in the next five years. As per Heidrick & Struggles' 2023 Global CISO Survey, 58% of security leaders anticipate a different array of threats on the horizon.

CISOs highlight AI and machine learning as the primary concerns in the realm of cyber risks, with 46% expressing this sentiment. Additionally, they identify geopolitical issues, various attack methods, threats related to the cloud, quantum technology, and supply chain vulnerabilities as other significant cyber risk areas.

Insights from the survey participants shed light on their concerns. Some mention an ongoing race towards automation, emphasizing the need for quicker responses due to heightened attack frequencies. There's a prevailing worry that cyber threats will evolve at machine speed while defense mechanisms will lag at human pace. Moreover, there are apprehensions about the transition of skills from older to newer technologies and concerns about the challenge of distinguishing truth from fiction in the digital landscape.

Security leaders stress the importance of blending established best practices with new technologies and strategies. This approach aims to reinforce defenses and proactively fortify enterprise security.

Norman Kromberg, CISO at NetSPI, advocates for this approach, emphasizing the fusion of fundamental practices with novel techniques to elevate security measures. This multi-layered strategy can potentially empower organizations to detect and respond to unknown or novel threats.