Seguridad & Defensa

Kaspersky identifies leading cyberthreat trends worldwide | N7152

Mr Kamluk delivers a keynote speech at the APAC Cyber Security Weekend that ran under the theme ‘Post AI: Building a Safer Tomorrow’ held in Sri Lanka.
Supply chain attacks, artificial intelligence (AI) vulnerabilities and the infiltration of trusted communities are among the key cyberthreat trends, according to Russian security firm Kaspersky.

The most common cybercrime globally is ransomware, with threat actors running it like a business, dubbed ransomware as a service, Igor Kuznetsov, director of Kaspersky’s Global Research & Analysis Team, told the recent APAC Cyber Security Weekend themed «Post AI: Building a Safer Tomorrow» in Sri Lanka.

He said the most common infection vectors being exploited are public-use applications, followed by the compromise of accounts and brute force attacks on credentials.

An emerging threat that should be accounted for is the compromise of supply chains and trusted relationships, with half of such cases being noticed only after the attack succeeded.

Government, financial institutions and manufacturing were the most attacked sectors, said Mr Kuznetsov.

Operation Triangulation

Cybercriminals have developed a highly advanced attack targeting iOS devices. This attack, known as Operation Triangulation, exploits critical hardware vulnerabilities in Apple’s central processing units, allowing hackers to take complete control of infected phones without any user interaction.

The attack involves sending a malicious iMessage to the devices which, once opened, installs harmful software on the devices.

To protect against such threats, Apple has patched the vulnerabilities, but users are advised to keep their iOS devices updated, regularly restart their phones and exercise caution with iMessages.

AI cybercrime

Alexey Antonov, data science team head at Kaspersky, said AI can enhance social engineering attacks by creating more natural sounding emails and input for phishing attacks, generate passwords, help code malware and even perform password attacks.

The advent of AI also means that cybercriminals can target potential victims with adversarial attacks, by making small modifications to files so that AI systems can be manipulated to misclassify malware as safe files.

To further enhance security and detection rates, Kaspersky imitates adversarial attacks on its own malware detection models.

AI-related attacks have seen rapid growth recently. Some of the attacks using AI still require highly skilled data scientists and significant efforts, but other attacks using AI can deploy tools available to the public.

Now that AI can crack passwords three times faster than before, 78% of passwords can be cracked in less than 60 minutes.

The other trend is AI vulnerabilities. Some AI models can be forced to do unexpected things. For example, a number of prompt attacks on large language models occurred last year.

«For Kaspersky, we can leverage AI to detect malicious attacks and emerging threats, especially seeing the number of potential malware that occurred with 411,000 unique malware samples detected daily in 2024 alone and over 403,000 daily in 2023,» said Mr Antonov.

Supply chain attacks

«In the digital era, the modern supply chain also includes the flow of information, software and digital services,» said Vitaly Kamluk, cybersecurity expert of the global research and analysis team at Kaspersky.

Supply chain attacks can damage critical infrastructure such as hospitals, banks, airlines and more.

One recent example of supply chain failure is when US-based cybersecurity company CrowdStrike issued an erroneous software update which crashed countless Microsoft Windows computer systems around the world.

Mr Kamluk said potential avenues for a supply chain attack on machine learning models would be to manipulate the training data to introduce biases and vulnerabilities into the model or modify the AI model with an altered version so that it would produce incorrect output.

Faulty software in the Linux XZ utility tool was compromised in a supply chain attack. A backdoor was inserted into the software that allowed attackers to monitor all connections to the infected machine and authenticate themselves using a hidden key. This backdoor was highly sophisticated and designed to evade detection.

He said attackers also infiltrate a trusted community to create a fake persona, contribute code in open-source projects and find a good moment to inject malicious code.

AI in cybersecurity

Mr Kamluk said AI is poised to revolutionise cybersecurity through various applications. It can autonomously threaten, adapt defences in real-time and enforce strict access controls with zero-trust architecture.

Beyond this, AI can analyse human behaviour patterns for anomalies, detect deepfakes, predict potential security breaches and rapidly respond to cyber incidents.

Furthermore, AI can streamline security operations by intelligently managing and coordinating security tools and processes.

Supply chain attacks on AI are a growing concern. One method involves manipulating training data to degrade model performance. This can be executed by malicious insiders or by compromising the data source.

Additionally, attackers can embed hidden activation functions within AI tools to gain unauthorised access to sensitive data. Furthermore, intentional malfunctions or vulnerabilities can be introduced into AI models, creating a time-bomb effect that undermines the AI’s capabilities over time.

These attacks highlight the critical need for robust security measures in the AI supply chain.

Cyber-resilience

Adrian Hia, managing director of Asia Pacific at Kaspersky, said for many organisations the integration of AI is inevitable, but stakeholders need to be aware of data compliance, especially when combined with the use of AI.

Policies need to be implemented to cover how confidential data is treated and what aspects of that data are accessible by AI.

«Leveraging multiple systems through on-premises, private, hybrid and multi-cloud environments to ensure uptime and business resilience is key to minimising IT outage risks,» said Mr Hia.

 

 

Deja una respuesta