What happens when technology becomes so advanced that it blurs the line between reality and fiction? Saira Hussain, Consultant at Crossword, explores the many modals of AI and their potential for cyber crime in the following blog.
We are living in an era where technology is at the forefront of everything we do – our careers, education, healthcare, transportation, finances and social interactions have become reliant upon a multitude of online tools and applications.
The rise of Generative AI, or ‘GenAI’, allows users to discover new and innovative ways to leverage readily available artificial intelligence tools in their day-to-day lives. While some may use text-generation tools to improve their language when writing emails, others are harnessing image-generation tools to transform their imaginative thoughts into visual reality.
So, what are these modals and how can cyber security teams ensure that their organisations are protected nefarious use?
The Many Modals of GenAI
While you may already be well versed with some modals of GenAI, such as OpenAI’s ChatGPT text generation, or the DeepAI art creation tool, there are many various types of generative artificial intelligence:
Linguistic AI uses algorithms and machine learning models to predict and generate text that looks like it has been written by a human. Linguistic AI has proven beneficial in many areas such as marketing and content creation, language translation, text summarisation and even customer support - you may have experienced conversing with AI-powered chatbots when seeking assistance with your online purchases.
Visual AI tools can create new images based on certain input or conditions, and they have recently grown in popularity due to their ability to generate realistic and highly creative visual content. Such technology is trained to process information to learn everything, whether it’s famous historical paintings, the colours of the rainbow, or what different objects look like. These new-age tools are being increasingly utilised by marketing professionals, fashion designers, video game developers, and even artists.
Have you ever played a video game where you’ve been able to control the characters with your own hand gestures? Well, that is Gestural AI in action. This type of AI interprets human gestures, such as hand movements, body language or facial expressions, through cameras or sensors, enabling natural interactions with computers. Apart from extracting the need for remote controls when gaming, there have been many valuable uses for gestural AI, including assisting individuals with disabilities by providing alternative methods for controlling devices, and enabling drivers to use gestures for tasks like adjusting the climate or navigation without taking their hands off the wheel.
Spatial AI is a technology that helps computers and devices understand and interact with the physical world, allowing machines to recognise objects, understand distances, and navigate physical spaces using cameras and sensors. From helping retailers analyse customer flow and optimise store layouts, to allowing you to measure specific objects using your phone camera, spatial AI finds applications in a wide range of areas. One of the most common, yet fascinating, uses for this type of artificial intelligence is environmental monitoring; with the use of historical data and imagery from drones and satellites, AI algorithms can be trained to track changes in ecosystems and predict the potential environmental impacts of these changes. It’s safe to say the possibilities with spatial AI are boundless.
Audio generative AI encompasses various technologies, such as text-to-speech models, music and sound effects generation, voice cloning, and more. These types of AI systems create, manipulate, or enhance audio content, allowing users to compose or remix music, create unique voices for characters in video games/animations, practice new languages, translate spoken language in real-time, and even customise your Smart Home devices with a voice assistant that understands your commands. In essence, audio AI is not just transforming how we perceive sound but also empowering us to explore new realms of creativity and convenience in our daily lives.
There is no doubt that these advancements in technology are increasing efficiency and productivity in both our careers and personal lives. However, while there are numerous advantages of implementing generative AI into our daily routines, it’s important to consider how cyber criminals can, and already are, leveraging such tools to enhance their attack methods.
Criminals Crafting Chaos with AI
The use of generative AI to fuel cyberattacks has surged over the past 12 months and these threat actors aren’t showing any signs of slowing down.
Just as easily as we can produce an eloquent email using linguistic AI tools, cyber criminals can repurpose these technologies to craft flawless, personalised phishing emails, mimicking the language and tone of genuine communications and making it increasingly challenging for recipients to differentiate the fraudulent from the authentic. An example of these repurposed technologies is WormGPT, which must be purchased via the dark web and, similar to its non-threatening counterpart (ChatGPT), can write code automatically, including malware and cybersecurity exploits, without protections built in to stop it being misused.
Although linguistic AI is a speedy and straightforward way for criminals to enhance their attack methods, social engineering scams can come in multiple other disguises. One that has been growing in popularity amongst threat actors is the use of visual AI to deceive victims with fake images. When Turkey and Syria were hit with devastating earthquakes in February 2023 and there were global efforts to raise money and help the victims of the disaster, many cyber criminals took this as an opportunity to create realistic images of the ruins and share them on social media to seek donations – which were, of course, deposited into their own pockets. As images are more likely to elicit emotions and prompt quicker reactions, criminals are finding these types of scams more effective than traditional phishing emails.
If there is one situation in which humans are guaranteed to take swift action, it’s hearing the voice of their loved one in trouble, and this is exactly how cyber criminals have begun misusing audio-generation AI. All it takes is a voice-cloning tool to mimic the voice of a loved one, and a quick phone call to convince the victim that their family member or friend is in danger and will be released once a ransom payment has been made. Authenticating these phone calls would prove extremely challenging, and it’s this kind of deception that has boosted the popularity of audio-generating tools in the world of cybercrime.
How can AI-led cybercrime be countered?
It goes without saying that generative AI, with its diverse modalities, has revolutionised the way we interact with the world, offering endless opportunities across all industries. However, with great innovation comes great risk.
The increase in GenAI usage has provided cyber criminals with a variety of tools to elevate their attack methods, making it a necessity for individuals to exercise caution when opening emails, clicking unfamiliar links, and answering calls from unknown numbers.
These types of attacks usually have some key indicators that we should constantly watch out for when navigating the digital landscape. Although the use of text-generation AI can improve the quality of language used in malicious emails, there are often red flags such as unusual email addresses, misspelt domain names, and requests for personal or financial information. Interacting with these emails in any way is advised against, and recipients should report the email immediately.
Similarly, when receiving unsolicited phone calls from automated voices that sound uncannily human, it’s important to be cautious about what they are asking of you. The malicious actors behind these scam calls often exploit the victim’s potential distraction, leading them to divulge information in a bid to swiftly conclude the call.
Cyberattacks powered by GenAI flourish through their capacity to deceive victims into perceiving them as genuine human interactions. Therefore, the most imperative action is to consistently verify sources, whether they involve websites, emails, links, or phone numbers, prior to any engagement.
As we approach a future dominated by the use of generative AI, we face the challenge of weighing its numerous advantages against the risk of potential exploitation.