A brit Nemzeti Kiberbiztonsági Központ figyelmeztet: az AI fokozni fogja a kibertámadások hatását
The UK’s National Cyber Security Centre (NCSC) has produced a threat report on the impact of AI on cybersecurity and the results are roughly what you’d expect - the proliferation of AI systems will generally increase cyber threats and make a bunch of cyber capabilities cheaper. The NCSC is a government organization which brings together experts from the UK’s NSA (GCHQ), as well as other parts of government tasked with cyber defense and threat intelligence.
The NCSC report uses “all-source information – classified intelligence, industry knowledge, academic material and open source – to provide independent key judgements that inform policy decision making and improve UK cyber security,” according to the NSCS. The NCSC assigns a 95% chance to the idea that AI will “increase the volume and heighten the impact of cyber attacks”, though notes that through to 2025 the threat “comes from evolution and enhancement of existing tactics, techniques and procedures” rather than the creation of entirely new approaches to cyber war.
- Assigns a 95% probability that AI will increase the volume and impact of cyber attacks
- AI provides capability uplift in reconnaissance and social engineering
- Helps threat actors analyze exfiltrated data faster and more effectively
- Threat actors are already using AI for phishing, coding, and reconnaissance
- Initial threats through 2025 will mostly be enhancements of existing tactics
Miért fontos?
“Threat actors, including ransomware actors, are already using AI to increase the efficiency and effectiveness of aspects of cyber operations, such as reconnaissance, phishing and coding. This trend will almost certainly continue to 2025 and beyond,” it writes. Which means that the cyber environment - in terms of both offenses and defenses - is now sitting on the same kind of scaling law behavior which the rest of AI is on. More, better, faster, and cheaper - for criminals as well as everyone else.