The field of information security is undergoing a significant transformation with the development of artificial intelligence [AI] technologies. New AI solutions offer a wide range of options for protecting systems and data from advanced threats by performing automatic actions and drawing conclusions based on artificial intelligence and machine learning while improving the efficiency of security teams.
There are many aspects to artificial intelligence in cyber security. Sophos, like most providers, leverages artificial intelligence to optimize the detection of attacks and the execution of responses – activities that occur behind the scenes of the company’s security technologies and services. We integrate artificial intelligence into everything we do, from Sophos X-Ops threat intelligence to the latest cyber solutions, to enable our technologies and human experts to isolate and respond to critical alerts and incidents as quickly as possible. We will continue to develop the co-pilot AI security model to identify new threats and to fully automate our security operations to combat the growing threats.
Artificial intelligence continues to play a critical role in identifying, analyzing and resolving threats. With the addition of large language models, we expect improvements in all of our AI capabilities. We adapt s’LLM to improve effective threat detection models and develop our own co-pilot to standardize how human analysts interact with threat intelligence and incident resolution. Artificial intelligence is a necessary part of cyber defense and will integrate with the field more closely in the future.
The Dark Side of AI: Creating Fraud
Another facet of artificial intelligence is the use of fraud created by AI. SophosAI, which operates as part of Sophos X-Ops which investigates artificial intelligence in the security field, recently revealed how attackers can leverage artificial intelligence to create real-looking but malicious websites to lure and deceive users. In the report “The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI”, Sophos recently revealed how in the not too distant future an attack group could leverage technology like ChatGPT to commit massive scale scams with minimal technical skills.
Using a simple e-commerce template and an LLM tool like GPT-4, the Sophos X-Ops team was able to build a fully functional website with AI-generated images, audio and product descriptions, as well as a fake Facebook login page and a fake payment page, which can steal users’ passwords and credit information . The establishment and operation of the site require minimal technical knowledge, and using the same tool the research team was able to create hundreds of similar sites within minutes and in one operation.
It is natural and expected that cybercriminals will adopt new technologies to improve automation. The creation of spam was a critical step in fraud technology because it changed the scale of the playing field. The new AI tools are designed to do the same; AI technology can produce significant threats, and eventually it can be assumed that criminals will use it. We’ve already seen the incorporation of AI elements in classic scams, such as AI-generated text or images to lure victims.
However, one of the reasons we did the research was to try and be one step ahead of the criminals. By creating a system for creating large-scale fake websites that is actually more advanced than the tools criminals use today, we have a unique opportunity to analyze and prepare for a threat before it escalates.
This is another example of how Sophos makes every effort to innovate and constantly think of solutions, with the anticipation of the attacker’s next move in the background. Sophos, with its variety of solutions, can protect in a better way, in real time, for the simple reason that we are always thinking of the next thing and incorporating it into our cyber security solutions.
Ben Gelman, Senior Data Scientist at Sophos.