The UK’s National Cyber Security Centre (NCSC) has released a report suggesting that artificial intelligence (AI) could significantly increase cyber threats, including ransomware attacks, within the next two years. The report outlines how AI could be harnessed to enhance cybersecurity through detection and advanced design to counterbalance its impact on cyber threats.
The NCSC report recommends further research to assess how advancements in AI within cybersecurity can mitigate the impact of threats. Ransomware, a prevalent cyber attack method, involves malicious software that encrypts a victim’s files or entire system, with attackers demanding a ransom, typically in cryptocurrency, to restore access.
The report anticipates that the influence of AI on cyber threats will shift in favor of sophisticated state actors with greater access to advanced AI-driven cyber operations. It highlights social engineering as a critical area where AI capabilities will significantly improve, making phishing attacks more convincing and harder to detect.
NCSC’s report states that AI will primarily enhance threat actors’ capabilities in social engineering. Generative AI can create persuasive interactions free from translation and grammatical errors common in identity theft, with this trend expected to grow as models develop and gain popularity over the next two years. NCSC’s Director for Threats, James Babbage, notes that AI services will increase the number of cybercriminals and enhance the scale, speed, and efficiency of existing attack methods.
The NCSC assessment points to challenges in cyber resilience due to AI models like generative AI and large language models, complicating the validation of emails and password reset requests. The report suggests that as AI models become more widespread, factors such as expertise, tools, time, and money will become less significant, increasing the accessibility of AI-powered cyber tools for capable groups to monetize and offer to anyone willing to pay.