At Cybolt, we identify the continuous use of artificial intelligence (AI) by criminal groups as one of the main global trends for 2024, aiming to conduct targeted attacks on both individuals and businesses. Understanding how these attacks operate and the strategies being implemented is crucial to anticipating and effectively responding to them.
AI is rapidly advancing and playing fundamental roles within our organizational processes, but it’s not only used for good and productivity. Cybercriminals have found an ally in AI, facilitating their objectives and making attacks more efficient and difficult to detect. While machine learning algorithms and neural networks help detect threats, they are also used to develop more sophisticated attack methods.
Types of Expected Attacks in 2024
- Automated Campaigns: AI allows attackers to launch campaigns without human intervention. For example, the Depp Locker malware uses AI models to avoid detection by security systems. Depp Locker activates automatically, hiding its malicious intentions and triggering when it identifies the victim through biometrics like facial or voice recognition or geolocation systems.
- Phishing: AI makes phishing attacks more effective by generating convincing emails in any language and behavior patterns, providing attackers with a broader range of remote operations. AI is expected to increase phishing and deepfake attacks by 600%, according to El Financiero.
- Vishing: This modality, which involves voice-based identity theft and deception to obtain confidential data, is projected to increase.
- Modular Attacks: According to Fortinet’s 2024 Cyber Threat Predictions, modular attacks will also grow. An attacker might use machine learning during the reconnaissance phase, link it to an AI-based armed payload, and chain it to the deployment of the armed payload.
- Credential Theft: AI will also facilitate credential theft by detecting patterns that reduce password cracking time. Technologies like PassGan use machine learning models that promise to crack 51% of passwords in less than a minute.