NCSC: AI to significantly boost cyber threats over next two years

25.01.2024

A report released by the National Cyber Security Centre (NCSC) in the United Kingdom emphasizes the escalating cyber threats posed by artificial intelligence (AI) in the coming two years. The center specifically highlights a surge in ransomware attacks, where malicious software is deployed by hackers to encrypt a victim’s files or entire system, demanding a ransom for the decryption key.

The NCSC assessment points to the role of AI in enhancing threat actors’ capabilities, particularly in conducting more sophisticated phishing attacks that deceive individuals into divulging sensitive information or clicking on malicious links. The report underscores that generative AI is already capable of crafting convincing interactions and documents, devoid of the typical errors found in phishing emails.

The emergence of generative AI, capable of creating deceptive content without common phishing red flags, is identified as a significant factor contributing to the growing threat landscape over the next two years. The assessment also highlights challenges in cyber resilience, citing the difficulty in verifying the legitimacy of emails and password reset requests due to generative AI and large language models. Additionally, the report notes the shrinking time window between security updates and threat exploitation, complicating rapid vulnerability patching for network managers.

James Babbage, the director general for threats at the National Crime Agency, remarks, “AI services lower barriers to entry, increasing the number of cyber criminals, and will boost their capability by improving the scale, speed, and effectiveness of existing attack methods.”

Despite the concerns, the NCSC report outlines the potential for AI to strengthen cybersecurity through enhanced attack detection and system design. It advocates for further research into how developments in defensive AI solutions can mitigate evolving threats.

While advanced AI-powered cyber operations currently remain feasible mainly for highly capable state actors with access to quality data, skills, tools, and time, the NCSC warns that these barriers to entry will progressively diminish as capable groups monetize and sell AI-enabled hacking tools.

Extent of capability uplift by AI over next two years:

Lindy Cameron, the Chief Executive Officer of the National Cyber Security Centre (NCSC), has emphasized the imperative of effectively harnessing the vast potential of AI technology while concurrently managing the associated risks, particularly its implications for the cyber threat landscape. Cameron stated, “We must ensure that we both harness AI technology for its vast potential and manage its risks – including its implications on the cyber threat.”

In a proactive move, the UK government has allocated £2.6 billion as part of its Cyber Security Strategy 2022 to fortify the nation’s resilience against emerging high-tech threats. Recognizing the transformative impact of AI on the cyber risk landscape in the imminent future, the government underscores the critical need for sustained investment in defensive capabilities and research. This ongoing commitment is deemed essential to effectively counteract the potential of AI to empower malicious actors in the realm of cybersecurity.