Technological advancements over the past year across the APAC region have been focused on artificial intelligence (AI) and cybersecurity, according to Darktrace. These two interlinked domains have crucial implications for the future. AI's monumental leap forward with GenAI has brought concerns over its use, while numerous prominent firms have suffered from the fallout caused by cyber-attacks. The intersection of AI and cybersecurity is particularly noteworthy when it comes to harnessing AI for protection against novel threats and using it to launch sophisticated hacks.
Darktrace, a global vendor in AI cybersecurity, has provided some predictions for 2024 in relation to AI and cybersecurity. Oakley Cox, Analyst Technical Director, APAC, at Darktrace, presents insights into two potential developments. Firstly, he suggests Generative AI will allow attackers to phish across language barriers. Until now, most cyber-enabled social engineering has been directed in English, thereby limiting their impact on the diverse language environment of the APAC region. The advent of Generative AI lowers the barrier for composing text in foreign languages. Locally phrased phishing attacks can bypass traditional security measures trained on English-language emails, targeting employees who may not be prepared for such native-language attacks.
Oakley also brings another shift into perspective. As AI finds broader applications in augmenting software development, defenders can utilise it to detect vulnerabilities in their software. But this prospect also means AI could empower adversaries with new avenues to exploit these vulnerabilities and launch attacks.
Looking into another angle, Liam Dermody, Director of Red Team at Darktrace, predicts a rise in ransomware attacks targeting the APAC region. He reasons that the APAC countries are comparable to Central America, which experienced a startling increase in ransomware attacks in 2022. With the fastest growing economies yet unprepared businesses as compared to other regions, APAC could be a lucrative greenfield for ransomware operators. Coupled with minimal risks posed by increased scrutiny from western governments and intelligence agencies, APAC could be a prime target for ransomware crews.
Liam Dermody also anticipates a surge in Multifactor Authentication bypass attacks. With the wide adoption of Multifactor Authentication (MFA) in cybersecurity frameworks, attackers have found ways to bypass it. He sees the need to view MFA beyond the credential protection heuristic and to focus on unusual activities during and post-authentication. Accomplishing this would require a deep understanding of an identity's 'usual' patterns, a task that may be difficult to undertake using AI or Machine Learning to recognise patterns of life.
Lastly, Tony Jarvis, VP of Enterprise Security at Darktrace, anticipates governments taking a more active role in combating ransomware, with the Australian government already mandating businesses to report ransomware activities. Nicole Carignan, VP of Strategic Cyber AI, comments that AI researchers will turn to new techniques to enhance the performance of Large Language Models without merely increasing computing and data resources. Finally, Philip Sellars, Machine Learning Researcher, suggests that minimising AI hallucinations will be a pressing focus in 2024 with the increased deployment of generative AI tools.