Amidst a surge in ransomware activity, a recent report from the National Cyber Security Centre (NCSC) predicts a global increase in cyber threats in the coming year, fueled by advancements in AI techniques, particularly in phishing. Published under the title "The Near-Term Impact of AI on the Cyber Threat," the NCSC report draws attention to concerning trends, based on a comprehensive assessment utilizing classified intelligence, industry knowledge, academic resources, and open-source data.

 

The report underscores the potential of AI tools to enhance the efficiency of malware development and exploit creation, enabling more effective phishing campaigns. While ransomware remains a persistent challenge, the report forecasts a heightened risk landscape, especially in the realm of phishing, with AI-driven improvements exacerbating the situation.

 

Highlighting the dramatic rise in ransomware attacks in the past year, the report points to an 84% increase between 2022 and 2023, as revealed by a threat report from NCC Group. The NCSC suggests that cybercriminals leveraging AI models for improved access will contribute significantly to the global ransomware threat in the near term, emphasizing the crucial role of phishing in initiating cybercrime activities.

 

Anticipating developments by 2025, the report suggests that generative AI (GenAI) and large language models will pose challenges for cybersecurity professionals, making it harder to identify phishing emails and social engineering attempts. The NCSC predicts that evolving AI models will not only sustain but also amplify spear phishing and social engineering threats, providing a considerable boost to the capabilities of less skilled threat actors.

 

The report warns that AI will likely increase the impact of cyber attacks against the UK, as threat actors gain the ability to analyze exfiltrated data more efficiently, using it to train AI models. The assessments are based on the NCSC's "probability yardstick," encompassing likelihood ranges from "remote" to "almost certain."

 

Beyond the immediate concerns related to ransomware, the report addresses the broader implications of AI, suggesting that it may widen the pool of threat actors capable of conducting ransomware attacks. It highlights the as-a-service business model, which facilitates the accessibility of ransomware programs for affiliates, contributing to the overall increase in ransomware activity.

 

The report also emphasizes the potential for commoditization of cybercrime capabilities, with as-a-service models extending beyond ransomware to include GenAI as a service. It asserts that AI-enabled cyber tools will likely become available to a broader audience, further intensifying the cyber threat landscape.

 

Additionally, the report acknowledges the accelerating exploitation of software vulnerabilities by threat actors, a trend that AI is expected to exacerbate by speeding up reconnaissance to identify vulnerable devices. However, it suggests that AI's impact on malware and exploit development for capable state actors and organized cybercrime groups may be limited, offering some positive outlooks on threat detection capabilities and defense against phishing campaigns.

 

While acknowledging the challenges posed by AI advancements in the context of ransomware, experts also see potential positive outcomes that organizations, including cybersecurity agencies, can leverage to stay ahead of evolving threats. Nitin Natarajan from CISA emphasizes the need to remain vigilant, while Tamara Chacon at Splunk underscores the nuances of AI's role in cyber threats, particularly in crafting phishing emails.