Artificial intelligence used to carry out automated, targeted hacking is set to be one of the major threats to look out for in 2020, according to a cybersecurity expert.
The tools and knowledge for developing malicious AI and machine learning codes are becoming more mainstream and there is a lot more data out there for hackers to gather and use, Etay Maor, chief security officer at cyberintelligence company IntSights, told CNBC.
“We will see the adoption of AI tools for targeted and automated attacks,” Maor said.
The idea of a computer program learning to attack things by itself and expanding its knowledge base to become more sophisticated is scary. But, it is a serious consideration given how the cyber-threat landscape has evolved in recent years and is seen as a major risk for the global economy.
In the past, defacing or taking down websites and stealing credit card information were considered major instances of cyberattacks. But, those attacks were costly because they required attackers to devote more time and resources to carry out. With AI, an attacker can carry out multiple and repeated attacks on a network by programming a few lines of code to do most of the work.
Deepfakes are a threat
Related to AI is the rise in the spread of disinformation and deepfakes, especially since 2020 is an election year in the United States, according to Maor.
Deepfakes are images and videos created using computers and machine learning software to make them seem real, even though they are not. Experts predict that this technology could be used to cause confusion and propagate disinformation, especially in the context of global politics, and may become extremely hard to detect.
“These will be difficult to combat as attribution is becoming harder and harder and the technology, means, and infrastructure becomes more and more accessible for the attackers,” Maor said.
Other security experts agree. In an October blog post, Forrester Principal Analyst, Jeff Pollard, wrote that costs related to deepfake scams will exceed $250 million in 2020. Media reports suggest that some companies are already being tricked into wiring large amounts of money to scammers.
“Now that a precedent exists showing economic gains from AI-backed deepfake technology, expect more to follow,” Pollard wrote. “Expect the development of more deepfake-based attacks fabricating convincing audio and video at a fraction of the cost.”
Cybersecurity company Forcepoint predicted that cybercriminals could use deepfake technology to generate compromising photos and videos of individuals and threaten to release them if their ransom demands are not met.
“At the organizational level, deepfakes will also be used to impersonate high-level targets at organizations to scam employees by transferring funds into fraudulent accounts,” Alvin Rodrigues, senior director and security strategist for Asia Pacific at Forcepoint, told CNBC.
“In the political arena, we can expect deepfakes to be leveraged as a tool to discredit electoral candidates and push inaccurate falsehoods to voters via social media,” he added.
Related to deepfakes, cybersecurity firm Check Point said in October that a new cold war between Western and Eastern powers is taking place online due to a growing divergence in their technologies and intelligence.
“Cyber-attacks will increasingly be used as proxy conflicts between smaller countries, funded and enabled by large nations looking to consolidate and extend their spheres of influence,” the company said in a blog post. It pointed to the U.S. carrying out a secret cyber operation against Iran after the latter’s attacks on Saudi oil facilities.
Beyond AI and deepfakes, there are a number of growing threats that security experts have predicted for 2020:
Supply chain and third-party attacks — IntSights’ Maor said that as large companies invest heavily in cybersecurity measures, attackers are likely to switch their focus on easier, smaller and less-funded targets: essentially those firms that supply the large organizations. He predicted that these types of attacks are likely to happen in areas such as health care, automotive and broadcasting. “This is a concern because there is only so much an enterprise can do to force security on its vendors,” he said.
5G will make it easier to steal data — Forcepoint’s Rodrigues told CNBC that wider adoption of the next generation of high-speed mobile internet, known as 5G, would allow cybercriminals to transfer large volumes of data from one server to another online at faster speeds. “With the roll-out of 5G continuing in 2020, we can expect to see an increase in the volume and speed of data theft,” he said.
Attacks on critical infrastructures will increase — Criminals attacking utilities and critical infrastructure will continue to grow next year, Check Point predicted in its blog post. “In many cases, critical power and water distribution infrastructure uses older technology that is vulnerable to remote exploitation because upgrading it risks service interruptions and downtime,” the firm wrote.
Geopolitics to drive cyber espionage and nation-state attacks — Cybersecurity company FireEye said in its 2020 prediction report that geopolitical tensions are often a “significant driver of intrusions and disruptive attacks.” Nation-state activities are expected to continue developing and the firm said it has observed operations linked to Russia, China, Iran, and Venezuela to spread certain kinds of information. “While not limited to issues around elections, we often observe these activities to be particularly intense around elections,” the company said, pointing to various elections due in 2020 in places like Taiwan, South Korea, France, Poland, and the U.S.