Expect a deepfakes surge as hackers master use of AI, Machine Learning

According to the experts, 2023 saw QR code-based phishing (quishing) gain popularity and witnessed an uptick in more advanced tactics such as man-in-the-middle (MITM) and adversary-in-the-middle (AiTM) attack methods that leverage tools like EvilProxy. In addition to phishing, advanced tactics like social engineering and malvertising will continue to be prolific

With the growth of Large Language Models (LLMs) like OpenAI's ChatGPT, Artificial Intelligence (AI) exploded in the public arena in 2023. According to experts, this trend is expected to continue beyond 2024, as both hackers and cybersecurity professionals continue to improve their usage of AI and Machine Learning (ML).

Recently, Infosys founder Narayana Murthy's two new deepfake videos were shared on social media, purportedly promoting a so-called investing platform ‘Quantum AI’, claiming that the user of this new technology would be able to earn $3,000 (around Rs. 2.5 lakh) on the first working day.

One of the videos showed a morphed version of Murthy claiming to be working on a ‘Quantum AI’ project with tech billionaire Elon Musk.

Zerodha co-founder and CEO Nithin Kamath posted his own deepfake video, which was convincing enough to fool users into believing that it was Kamath himself. He said the aim was to highlight the growing threat posed by AI.

Attacks will become more sophisticated as threat actors continue to use AI tools and 2024 will likely witness an increase in AI-assisted and AI-driven attacks successfully bypassing security controls such as Multi-Factor Authentication (MFA), Zero Trust and other fundamental security technologies and defences.

According to information security company CyberArk, deepfakes will pose a looming threat to India's cybersecurity in 2024. These attacks will target individuals, businesses and even government institutions, aiming to spread misinformation, manipulate public opinion, and disrupt critical infrastructure.

The financial repercussions of these attacks could be severe, potentially leading to reputational damage, loss of investor confidence, and even economic instability.

The recent deepfake controversies with actresses Rashmika Mandanna, Kajol and Katrina Kaif have made this a public issue. With India and the US both going into major election years, the experts believe deep fakes are likely to continue being prominent in cybersecurity and misinformation campaigns.

“To combat this growing threat, Indian organisations must invest in deepfake detection and mitigation technologies, raise awareness among their employees about the dangers of deepfakes, and develop robust cybersecurity strategies that can withstand these sophisticated attacks," the researchers said.

The researchers also predicted that ransomware attacks are expected to surge in 2024, surpassing the alarming 91 per cent reported in 2022 and said that a rise in cloud adoption could lead to a surge of identity-based attacks.

As per International Data Corporation (IDC), the overall India public cloud services market is expected to surge to $17.8 billion by 2027, exhibiting a formidable CAGR of 23.4 per cent for the period spanning 2022-2027.

According to the cybersecurity company Securonix, financial services, healthcare and education will continue to attract the attention of threat actors as their economic importance and data value make them especially attractive targets.

In late 2022, AIIMS Delhi faced a crippling attack before successfully thwarting another in mid-2023.

"Governmental and non-governmental organisations working on important economic, justice and civic issues are also likely to be a target of misinformation and cyberattack campaigns from foreign and domestic actors," the experts said.

When it comes to phishing emails and social engineering exploits, the trend is likely to continue in 2024.

Last year, phishing attempts surged by 62 per cent and threat actors will likely continue to use phishing emails as a main source of compromise in 2024 with new and evolved tactics, techniques and procedures (TTPs).

According to the experts, 2023 saw QR code-based phishing (quishing) gain popularity and witnessed an uptick in more advanced tactics such as man-in-the-middle (MITM) and adversary-in-the-middle (AiTM) attack methods that leverage tools like EvilProxy. In addition to phishing, advanced tactics like social engineering and malvertising will continue to be prolific.

The experts also said to prepare for new type of AI-based attacks that might appear in 2024.

"An equally potent threat emerges for every positive stride made in the realm of AI. The dark side of AI can manifest in sophisticated cyber threats and malicious activities fuelled by the same technologies that are designed to enhance efficiency, automation, and decision-making," said CyberArk researchers.

They further said, “As AI becomes more pervasive, adversaries will quickly capitalise on its capabilities, crafting new attack vectors that exploit vulnerabilities in novel ways."

The researchers suggested these predictions for the next year underline the urgency for organisations to invest in cutting-edge technologies, raise awareness, and craft robust strategies that can withstand the onslaught of evolving cyber threats.