UK intelligence agencies have warned that the number and impact of ransomware attacks will increase over the next two years due to developments in artificial intelligence (AI) technology. The National Cyber Security Center (NCSC) said in an all-source intelligence assessment released on Wednesday based on classified intelligence, industry knowledge, academic material and public sources that it was "almost certain" of the increase, the highest level of confidence used by British intelligence analysts.
NCSC experts, part of the cyber and signals intelligence agency GCHQ, warned that the benefits of AI tools would be uneven across different threat actors.
Currently, generative AI is being used to improve "reconnaissance and social engineering capabilities," making both tasks "more effective, efficient, and harder to detect."
AI is also seen as having the potential to assist "malware and vulnerability development, vulnerability research and lateral movement" by making existing technologies more efficient.
The good news, according to intelligence experts, is that only the best-resourced threat actors will be able to leverage these more sophisticated AI to enhance cyber operations, and even then, "it's unlikely to happen before 2025."
One limiting factor in using AI tools for sophisticated hacking is that developers need access to high-quality exploit data to train their models. Currently, this is a realistic possibility only if "capable states possess malware libraries large enough to effectively train AI models for this purpose."
"Training AI on high-quality data will remain key to its effective use in cyber operations through 2025. Barriers to automated reconnaissance targeting, social engineering and malware scaling are all primarily related to data. But these barriers mean that as more hackers successfully steal this data, threat actors will be able to train more advanced tools as a result, again enabling them to steal more data in a positive feedback loop."
"By 2025 and beyond, the data powering AI will almost certainly improve as successful exfiltration events occur, allowing cyber operations to become faster and more precise," the assessment report states.
According to the latest batch of security incident trend data released by the UK Information Commissioner's Office (ICO), UK organizations suffered a total of 874 ransomware attacks in the first three quarters of 2023, a surge compared with the 739 incidents recorded in all of 2022.
James Babbage, director general of threats at the National Crime Agency, said: "Ransomware remains a national security threat. As this report shows, the threat is likely to increase in the coming years due to advances in artificial intelligence and cybercriminals' exploitation of this technology."
"AI services lower barriers to entry, increase the number of cybercriminals and will enhance their capabilities by increasing the scale, speed and effectiveness of existing attack methods," Babbage warned, adding that cases of fraud and child sexual abuse could also be affected.
Outgoing National Computer Security Council CEO Lindy Cameron said: "The emerging use of artificial intelligence in cyberattacks is evolutionary rather than revolutionary, meaning it enhances existing threats such as ransomware but will not change the risk landscape in the short term. While the National Computer Security Council does its best to ensure that AI systems are securely designed, we urge organizations and individuals to follow our ransomware and cybersecurity hygiene recommendations to strengthen defenses and improve their ability to withstand cyberattacks."