Corvus’ Rebholz on how hostile states are using GenAI against us and why it could be worse

Corvus’ chief information security officer (CISO) Jason Rebholz explains how state-backed threat actor groups are leveraging generative AI and how their use of advanced technology has the potential to exacerbate the existing threat landscape.

The launch of ChatGPT in 2022 has further fuelled concerns about the negative impact of generative AI on cybersecurity, potentially placing further strain on already stretched security programs. To help us predict the future impact on cybersecurity, we can look at how the most well-resourced threat actors are jumping into the GenAI pool.

Even before GenAI arrived on the scene, nation-state threat actors were keeping security experts, cyber insurers, and their regulators busy.

The NotPetya malware attack back in 2017, the most destructive malware ever deployed at the time, was a big wake-up call as to the destructive power nation-state threats have at their disposal and what can happen when it escapes their control.

But since ChatGPT debuted in November 2022, unease has grown that highly motivated, generously resourced state-backed attackers are becoming better equipped to disrupt their adversaries, and to do so with greater ease.

That is because of the technology’s unprecedented ability to process, find patterns in, and create content from terabytes of data at speed.

In February 2023, a Blackberry survey found that 71 percent of North American, UK, and Australian IT leaders expected nation-states to use ChatGPT against their enemies.

More than half believed we were less than a year away from a successful ChatGPT-facilitated attack.

A year later, research from Microsoft/OpenAI moved us from conjecture to fact for the first time. The good news is that nation-state threat actors are just testing the waters.

The tech pioneers merged Microsoft's threat intelligence with OpenAI’s monitoring of ChatGPT usage. In doing so, they found that actors from China, Russia, North Korea, and Iran were taking “early-stage, incremental” steps in using GenAI.

While that sounds terrifying, there is a silver lining. Even while testing the waters, these advanced threat actors were not rewriting the rules of cyber attacks.

Microsoft/OpenAI disclosed that these nation-state threats used ChatGPT to make certain hacking activities easier.

This included reconnaissance on potential targets and getting up to speed on their target's technology, such as a Russian gang gathering information on satellites.

They also looked for assistance with coding, including improving basic scripts or, in the case of Iran, using ChatGPT to assist with the development of code to evade anti-virus detection.

Perhaps least surprising was the use of ChatGPT to generate content for spear phishing, including making emails look more realistic and removing language barriers, something North Korea used to draft phishing emails that could better target individuals in specific regions.

Most importantly, Microsoft/OpenAI identified no significant attacks carried out with ChatGPT, which it monitored closely.

In short, the research shows that threat actors used, and will doubtless continue to use, GenAI to make the more tedious parts of their jobs easier.

It is an evolution, not a revolution, and defenders should respond by staying focused on the critical elements of cybersecurity in the here and now rather than worrying unduly about the future.

That includes keeping perimeters secure and using phishing-resistant multi-factor authentication.

It also includes having a strong detection and response capability, whether in-house or external.

Of course, the speed of innovation among cybercriminals in general is troubling, especially when it concerns the adoption of GenAI in their tactics.

Nation-states, though, are in a position to invest far greater resources into AI than cybercriminals can, and to incorporate it into their cyber attacks.

Over time, the growing sophistication and technology nation-states develop will trickle down to cybercriminals, increasing the efficacy of all attacks, including ransomware.

In late January, FBI director Christopher Wray made headlines when he warned of a 50:1 cyber specialist advantage China has over the US and predicted that the Asian country was preparing to “wreak havoc” with US critical infrastructure.

However, Wray also stressed that we should not lose sight of the fact that we have the ability to protect ourselves.

Skilled cyber attackers, a deteriorating global geopolitical situation, and GenAI create a potent cocktail, for sure, but the Microsoft/OpenAI research suggests we aren’t there just yet.

The creation of a single-click “Go hack” button is not the development that should be concerning us right now.

Instead, it is essential to remain focused on the threats in front of us today rather than succumbing to paralysis over what may come, because the steps you take to face today’s threats will better prepare you for the future threats fuelled by GenAI.

Jason Rebholz is chief information security officer at Corvus