GenAI, a new weapon in hackers' arsenals

O.D.
English Section / 4 octombrie

GenAI, a new weapon in hackers' arsenals

Versiunea în limba română

Cyber criminals' weapons are multiplying. In a report published by HP Inc., cybersecurity experts have revealed a malware campaign targeting French speakers that uses malicious code generated with the help of generative artificial intelligence (GenAI). This report highlights how GenAI is accelerating the pace and sophistication of attacks, making them more accessible to cybercriminals who lack advanced coding skills.

AI, catalyst for cyber attacks

In recent years, cyber criminals have had to develop complex technical skills to create and implement effective cyber attacks. However, generative artificial intelligence is radically changing this landscape. According to the HP Threat Insights report, cybercriminals are using GenAI to write malicious code, thereby lowering the technical barrier needed to launch sophisticated attacks. Thus, even those without advanced programming knowledge can now create complex scripts with the help of these emerging technologies. Patrick Schlapfer, an expert at HP Security Lab, explained that "evidence of the use of artificial intelligence by cybercriminals has been sparse until now, but this finding is significant. The fact that hackers are using an AI assistant to write malicious code indicates a lowering of entry barriers for cyberattacks."

Malvertising and dangerous PDF documents

One of the most relevant findings in the report concerns the use of malvertising - malicious advertising - to spread malware, mostly in the form of seemingly harmless PDF documents. In this campaign, cybercriminals have created well-designed websites that offer PDF converters or other functional tools. But once downloaded, these files are delivered as Microsoft Installer (MSI) files, which contain malicious code. They install browser extensions that allow hackers to take control of users' browsing sessions by redirecting their searches to sites controlled by criminals. A notable example highlighted in the report is the ChromeLoader campaign, which has expanded and become more sophisticated, targeting popular search keywords to lure victims to these fraudulent websites. Another innovative aspect of the cyber attacks described in the report is the use of Scalable Vector Graphics (SVG) images to hide malware. This technique is effective because SVG files are considered safe and are typically not subject to strict scrutiny by security systems. In addition to malvertising, email remains one of the main attack vectors, with 61% of attacks being delivered via infected attachments. Also, archived files, especially ZIP files, are popular methods to distribute malware due to their ability to bypass detection tools. According to the report, at least 12 percent of email threats were able to bypass one or more email security systems, a statistic that underscores how advanced these attack methods are becoming.

The HP report is a product of analyzing data collected from millions of endpoints using HP Wolf Security, an advanced security solution that isolates and analyzes threats. To date, HP Wolf Security has allowed more than 40 billion email attachments and web files to be opened without any reported security breaches. By isolating malware and allowing it to be safely activated, HP Wolf Security provides a unique insight into the latest techniques used by cybercriminals. Ian Pratt, Global Head of Security Personal Systems at HP Inc., points out that cybercriminals are constantly updating their methods, which forces companies to strengthen their resilience. "Companies must adopt a defense-in-depth strategy, including isolating high-risk activities such as opening email attachments or web downloads, to reduce the attack surface and neutralize risks," Pratt said.

AI, source of power and vulnerability

The use of generative artificial intelligence by cyber criminals is a new turning point in the field of cyber security. While AI has the potential to improve the efficiency of security operations, this report makes it clear that the same technologies can also be used for malicious purposes.

The Threat Insights report provides a clear picture of how cybercriminals' tactics are evolving and how emerging technologies such as generative artificial intelligence are opening new fronts in the fight to cyber security.

www.agerpres.ro
www.dreptonline.ro
www.hipo.ro

adb