As LLMs increasingly merged with consumer-facing products in 2023, threat actors expanded their attack turf. Hackers learnt to use AI to increase the speed and sophistication of their attacks, making it harder to defend.
Impact of AI
While the nature of cyberattacks did not change this year, cybercriminals used AI software to increase speed and accuracy.
“Attackers are leveraging new tools and technologies to launch attacks at a blistering pace and with a level of accuracy and sophistication”, said Nathan Wenzler, Chief Security Strategist, Tenable.
The use of AI by threat actors to increase the speed and efficiency of attacks, however, did not reach the levels of automation that were earlier expected.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Generative AI tools were limited to crafting legitimate sounding phishing emails and assisting in the code writing process. However, defenders also made use of similar techniques to improve protection for networks, applications and systems.
Sophisticated attacks on government infrastructure, organisations and individuals surged by 40% this year compared to 2022. India witnessed a significant rise in reported ransomware attacks across businesses and organisations of varied sizes through the sophisticated usage of AI within cyber-attacks, a report from GajShield said.
Malicious files witness increase
An average of 411,000 malicious files were detected every day, an increase of nearly 3 percent in 2023, compared to the previous year, a report from Kaspersky said.
Additionally, attackers were also found using backdoor infiltration to launch attacks. A surge of 53% was witnessed in attacks involving malicious Microsoft Office and other types of documents including PDFs.
Trojans emerged as the most widespread malware; an uptick in their use from 15,000 detected files per day in 2022 to 40,000 in 2023.
Securing cloud infrastructure got costlier
As more and more digital services and applications are put in the cloud, cost of securing them is also increasing.
However, bugdeting for cloud security remained a challenge. When it comes to companies’ finances, nearly one-in-five, 16%, admitted they do not have budget for adequate cybersecurity measures, according to a Kaspersky survey.
The survey aimed at assessing the opinions of IT security professionals working at SMEs and found that the greatest number of successful cyberattacks in the past 24 months were targeted at the retail industry.
Organisations are looking to invest in tools, education and implementation. Without which cloud security efforts will fail in the long run leading to greater business risk to the whole organization.