Brian Sims
Editor

Global ransomware threat “expected to rise” due to Artificial Intelligence

ARTIFICIAL INTELLIGENCE (AI) is expected to increase the global ransomware threat across the next two years. Published by the National Cyber Security Centre (NCSC), the report entitled ‘The Near-Term Impact of AI on the Cyber Threat Assessment’ concludes that AI is already being used in malicious cyber activity and will almost certainly increase the volume and impact of cyber attacks (including ransomware).

Among other conclusions, the report suggests that, by lowering the barrier of entry to novice cyber criminals, hackers-for-hire and hacktivists, AI enables relatively unskilled threat actors to carry out more effective access and information-gathering operations. This enhanced access, combined with the improved targeting of victims afforded by AI, will contribute towards the global ransomware threat in the next 24 months.

Ransomware continues to be the most acute cyber threat facing UK organisations and businesses, with cyber criminals adapting their business models to gain efficiencies and maximise profits.

In order to combat the threat, the Government has invested £2.6 billion under its Cyber Security Strategy to improve the UK’s resilience, with the NCSC and private industry already adopting AI’s use in enhancing cyber security resilience through improved threat detection and ‘security by design’.

The Bletchley Declaration

Agreed at the UK-hosted AI Safety Summit held at Bletchley Park last November, The Bletchley Declaration also announced a first-of-its-kind global effort to manage the risks of frontier AI and ensure its safe and responsible development.

Here in the UK, the AI sector already employs upwards of 50,000 individuals and contributes £3.7 billion to the economy, with the Government dedicated to ensuring the national economy and jobs market evolve with technology as set out under the Prime Minister’s five key priorities.

NCSC CEO Lindy Cameron explained: “We must ensure that we both harness AI technology for its vast potential and manage its risks, including its implications in relation to the cyber threat. The emergent use of AI in cyber attacks is evolutionary not revolutionary, meaning that it enhances existing threats such as ransomware, but in point of fact does not transform the risk landscape in the near term.”

Cameron added: “As the NCSC does all it can to ensure that AI systems are ‘secure by design’, we urge organisations and individuals to follow our ransomware and cyber security hygiene advice in order to strengthen their defences and boost their resilience to cyber attack.”

‘GenAI-as-a-Service’

Analysis from the NCA suggests that cyber criminals have already started to develop criminal generative AI (GenAI) and to offer ‘GenAI-as-a-Service’, making improved capability available to anyone willing to pay.

Yet, as the NCSC’s new report makes abundantly clear, the effectiveness of GenAI models will be constrained by both the quantity and quality of data on which they are trained.

The growing commoditisation of AI-enabled capability mirrors warnings from a report published last September, which described the professionalising of the ransomware ecosystem and a shift towards the ‘Ransomware-as-a-Service’ model.

According to the NCA, it is unlikely that another method of cyber crime will replace ransomware in 2024 due to the financial rewards and its established business model.

National security threat

James Babbage, director general for threats at the National Crime Agency, commented: “Ransomware continues to be a national security threat. As this report shows, the threat is likely to increase in the coming years due to advancements in AI and the exploitation of this technology by cyber criminals.”

Babbage continued: “AI services lower barriers to entry, increasing the number of cyber criminals, and will boost their capability by improving the scale, speed and effectiveness of existing attack methods. Fraud is likely to be affected.”

In conclusion, Babbage observed: “The NCA will continue to protect the public and reduce the serious crime threat to the UK, including by targeting the criminal use of GenAI and ensuring that we adopt the technology ourselves where safe and effective.”

Effective preparation is central to preventing ransomware attacks. Implementing the NCSC’s advice, such as the simple protective measures outlined in its ransomware guidance, will help UK organisations to reduce their likelihood of being infected.

Most ransomware incidents typically result from cyber criminals exploiting poor cyber hygiene rather than sophisticated attack techniques. The NCSC’s Ten Steps to Cyber Security and Top Tips for Staying Secure Online set out how organisations and individuals respectively can protect themselves in cyberspace.

Impact on effectiveness

‘The Near-Term Impact of AI on the Cyber Threat’ report outlines further ways in which AI will impact the effectiveness of cyber operations and the cyber threat over the next two years – including social engineering and malware.

Tackling the challenges of securing future technology is a key priority area for the NCSC, with the organisation having published its Guidelines for Secure AI System Development last November (which are endorsed by 17 other countries).

Taking place in Birmingham on 13-15 May, CYBERUK 2024 will elaborate on these themes. The event’s focus is squarely on ‘Future Tech, Future Threat, Future Ready’.

Industry response

Dr Ilia Kolochenko, CEO and chief architect at ImmuniWeb, commented: “The impact of generative AI on cyber crime growth seems to be overestimated, to put it mildly. First, most cyber crime groups have been successfully using various forms of AI for years, including pre-large language model (LLM) forms of generative AI. The introduction of LLMs is unlikely to revolutionise their operations.”

Kolochenko added: “Second, while LLMs can help with a variety of simple tasks, such as writing attractive phishing e-mails or even generating primitive malware, they cannot transact all of the foundational tasks, such as deploying abuse-resistant infrastructure to host C&C servers or laundering the money received from the victims. Third, the ransomware ‘business’ already works very well. It’s a mature, highly efficient and effective industry with its own players, economy, laws and hierarchy.”

Further, Kolochenko stated: “The ‘Ransomware-as-a-Service’ model that has existed for a few years already allows even inexperienced cyber criminals to make some money by helping organised cyber crime syndicates. On top of that, those who try to establish their own ransomware empire by relying on generative AI, without having the necessary technical skills or connections to launder the profits, will likely fail in many aspects and end up being arrested and prosecuted after being detected by law enforcement agencies that are gradually improving their cyber crime investigation methodologies.”
