Information is power, but misinformation is just as powerful
- The disinformation and manipulation techniques employed by cybercriminals are becoming increasingly sophisticated due to the implementation of Artificial Intelligence in their systems
The post-truth era has reached new heights with the advent of artificial intelligence (AI). With the increasing popularity and use of generative AI tools such as ChatGPT, the task of discerning between what is real and fake has become more complicated, and cybercriminals are leveraging these tools to create increasingly sophisticated threats.
Check Point Software Technologies has found that one in 34 companies have experienced an attempted ransomware attack in the first three quarters of 2023, an increase of 4% over last year. Cyberthreats are not only more numerous, but increasingly complex, effective, and harder to detect as they are driven by artificial intelligence, organized ransomware groups and hacktivism. While cyberattacks are often related to data destruction and theft, cybercriminals often use the creation of fake data and impersonation to spread chaos and misinformation.
In recent years, the term ‘disinformation’ has gained prominence and is presented as one of the main cybersecurity risks. The aim of information manipulation can be to access and steal sensitive information from companies and government agencies.
Cybercriminals are also using deepfake to obtain this sensitive information
One of the most common techniques for obtaining this information is phishing. This is the creation of fake emails or text messages in which attackers impersonate identities. Phishing attacks are becoming more convincing as they employ machine learning techniques that increasingly refine the scams.
Cybercriminals also use deepfake to obtain this sensitive information, as they can impersonate videos and images to make the deception more plausible, or even scam with deepfake voice calls. This advance in techniques for creating cyberattacks has increased the impact of ransomware attacks, one of the biggest threats in recent years, leading to an increase of more than 37% in the last year, with ransom demands exceeding five million dollars.
Disinformation has also been used to contribute to political and media manipulation: it can influence important processes such as voting, discredit opponents, create polarization of public opinion and generate chaos and controversy among the population. These hacktivist threats use phishing to gain access to sensitive government information and generate fake news that may be accompanied by deepfake images or videos to manipulate people to achieve their political ends.
Given this situation, it is increasingly necessary to take measures to curb all the threats created with this new technology and to provide users with the necessary tools to detect what information is correct and what is hidden in a cyberattack. For this, Check Point Software recommends users to:
- Identity verification as a firewall: implementing multi-factor authentication, such as implementing two-factor authentication and using biometric technologies such as facial recognition or fingerprints, is essential to prevent advanced cyber-attacks with AI.
- Zero trust at the core: just as it is always better to vaccinate a patient to prevent diseases before they occur, in cybersecurity it is better to detect and prevent cyberattacks before they infect a network. Real-time threat detection solutions can help uncover anomalous traffic patterns, while threat intelligence can help actively block malware before it penetrates a network. The goal is not to trust anything on the network until there is verification.
- Cybersecurity and AI hand in hand: from now on, artificial intelligence will be paramount to respond to threats more effectively. These AI-integrated solutions can detect anomalies faster to respond as quickly as possible and mitigate damage.
- Always update: patching is a critical component of defending against ransomware attacks, as cybercriminals often look for the latest exploits discovered in available patches and then target systems that do not yet have them.
- Cybersecurity training: the whole team should have basic training on cybersecurity measures and awareness of the risks posed by cyberthreats. In this way they will be able to detect which information has signs of being a trap.
With AI-based attacks that misappropriate, manipulate, and disseminate false information seemingly on the rise, businesses need to protect themselves and keep pace with cybercriminals. It is essential that organizations adopt strategies to prevent threats and invest in the development of cybersecurity and the implementation of AI in their systems. Cyberattacks are going to become more frequent and effective, and their deception techniques more sophisticated and credible. It is essential to have a solid cybersecurity strategy that is constantly under review to update for prevention-first security.