Cyber security is undergoing a massive transformation, with Artificial intelligence (AI) at the forefront of this change, posing both a threat and an opportunity. AI can potentially empower organizations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response. Adversaries can use AI as part of their exploits. It is never been more critical for us to design, deploy, and use AI securely.
See: https://redskyalliance.org/xindustry/llm-gpt-ai
Microsoft representatives say it has detected threats from foreign countries that used or attempted to exploit generative AI it had developed. According to a recent Microsoft Report, state-backed hackers from Russia, China, and Iran have been using tools from Microsoft-backed OpenAI to improve their skills. While computer users of all types have been experimenting with large language models to help with programming tasks, translate phishing emails, and assemble attack plans, the new report is the first to associate top-tier government hacking teams with specific uses of the Large Language Model training technology to create Generative AI. It is also the first report on countermeasures. It comes amid a continuing debate about the risks of rapidly developing technology and efforts by many countries to put some limits on its use.
US adversaries, chiefly Iran and N. Korea, and to a lesser extent Russia and China, are beginning to use Generative Artificial Intelligence to mount or organize offensive cyber operations. In collaboration with business partner OpenAI, analysts have detected and disrupted many threats that used or attempted to exploit AI technology they had developed, Microsoft has recently reported.
In a blog post, the company said the techniques were “early-stage” and neither “particularly novel or unique” but that it was important to expose them publicly as US rivals leveraging large-language models to expand their ability to breach networks and conduct influence operations.
Cyber security firms have long used machine learning on defense to detect network anomalous behavior. Since criminals and offensive hackers use it as well, and the introduction of large-language models led by OpenAI’s ChatGPT upped that game of cat-and-mouse.
Microsoft has invested billions of dollars in OpenAI, and its announcement coincided with its release of a report noting that generative AI is expected to enhance malicious social engineering, leading to more sophisticated deepfakes and voice cloning. This is a threat to democracy in a year where over 50 countries will conduct elections, magnifying disinformation is already occurring. Microsoft has provided some examples. Each case said all generative AI accounts and assets of the named groups were disabled.
The North Korean cyber-espionage group known as Kimsuky has used the models to research foreign think tanks that study the country and to generate content likely to be used in spear-phishing hacking campaigns.
Iran’s Revolutionary Guard has used large-language models to assist in social engineering, troubleshoot software errors, and even study how intruders might evade detection in a compromised network.
That includes generating phishing emails “including one pretending to come from an international development agency and another attempting to lure prominent feminists to an attacker-built website on feminism.” The AI helps accelerate and boost email production.
The Russian GRU military intelligence unit known as Fancy Bear has used the models to research satellite and radar technologies that may relate to the war in Ukraine.
The Chinese cyber-espionage group Aquatic Panda, which targets a broad range of industries, higher education, and governments from France to Malaysia, has interacted with the models “in ways that suggest a limited exploration of how LLMs can augment their technical operations.” The Chinese group Maverick Panda, which has targeted US defense contractors amongst other sectors for more than a decade, had interactions with large-language models suggesting it was evaluating their effectiveness as a source of information “on potentially sensitive topics, high profile individuals, regional geopolitics, US influence, and internal affairs.”
In another blog, OpenAI said its current GPT-4 model chatbot offers “only limited, incremental capabilities for malicious cybersecurity tasks beyond what is already achievable with publicly available, non-AI-powered tools.”
In April 2023, the director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, told Congress that “there are two epoch-defining threats and challenges. One is China, and the other is artificial intelligence.” Easterly said the US needed to ensure AI is built with security in mind.
Critics of the public release of ChatGPT in November 2022 have argued it was irresponsibly hasty, considering security was largely an afterthought in their development. “Of course, bad actors are using large-language models, and that decision was made when Pandora’s Box was opened,” said Amit Yoran, chief executive of the cyber security firm Tenable.
Some cybersecurity professionals complain about Microsoft’s creation and marketing of tools to address vulnerabilities in large-language models when it might more responsibly focus on making them more secure.
Former AT&T chief security officer Edward Amoroso has observed that while AI and large-language models may not pose an immediately obvious threat, they “will eventually.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the office at 1-844-492-7225 or feedback@redskyalliance.com
- porting: https://www. redskyalliance. org/
- Website: https://www. redskyalliance. com/
- LinkedIn: https://www. LinkedIn. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
Comments