Page 195 - Cyber Defense eMagazine December 2023
P. 195
explosion in connected mobile devices and 5G-enabled Internet of Things, the avenues for cyber-attacks
look only likely to increase in the coming years.
As a global insurer, Allianz Commercial monitors the emerging threat landscape and assists its clients
with mitigating these risks. Here are three key cyber threats currently on our radar:
1. Artificial Intelligence
Artificial intelligence (AI) is widely expectedto power futureransomware attacks, with automated attack
processes, more convincing phishing, and faster malware development. However, it could also
enhance cyber security, with more effective and faster detection and threat intelligence.
Threat actors are already using AI-powered language models like ChatGPT to write code. Generative AI
can help less technically proficient threat actors write their own code or create new strains and variations
of existing ransomware, potentially increasing the number of attacks they can execute. We can expect
an increased utilization of AI by malicious actors in the future, necessitating even stronger cyber security
measures.
Voice simulation software has been a recent addition to the cyber criminal’s arsenal. In 2019, the CRO
of a British energy provider transferred €220,000 to a scammer after they received a call from what
sounded like the head of the unit’s parent company, asking them to wire money to a supplier. The voice
was generated using AI. In August 2023, researchers at the Google-owned cybersecurity company
Mandiant documented the first known instances of deepfake video technology designed and sold for
phishing scams. The going rate was as little as US $20 per minute, US $250 for a full video or US $200
for a training session, although the researchers were unable to confirm that the services they identified
on hacker forums were legitimate or whether a deepfake has been used in any scam.
AI will help threat actors, but it is also a powerful tool for detection. We might see more AI-enabled
incidents in the future, but investment in detection backed by AI should catch more incidents early. If we
can keep pace with developments in AI, there is always the chance it might not change the picture too
much from today, neither in favor of the company nor the attacker.
2. Mobile Devices
Lax security and the mixing of personal and corporate data on mobile devices, including smartphones,
tablets and laptops, is making for an attractive target for cyber criminals. Allianz Commercial has seen a
growing number of incidents caused by poor cyber security around mobile devices. During the pandemic
many organizations enabled new ways of accessing their corporate network via private devices, without
the need for multi-factor authentication (MFA). This also resulted in a number of successful cyberattacks
and large claims.
Cyber criminals are now targeting mobile devices with specific malware in order to gain remote access,
steal login credentials, or to deploy ransomware. Increasingly we have corporate and personal
Cyber Defense eMagazine – December 2023 Edition 195
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.