The New Frontiers of Cyber Attacks: GenAI and Chat Services
- By Chris Thomas, ExtraHop
- August 12, 2024
Cybersecurity threats are dynamic, with attackers perpetually evolving their strategies to penetrate defenses and infiltrate organizations covertly. As we reach the mid-point of 2024, three key trends are set to keep security professionals busy in the second half of the year.
The AI arms race to intensify
Ever since the recent breakthroughs in AI, cybersecurity has been characterized by a tit-for-tat between threat actors and organizations.
In early 2023, it was discovered that users could manipulate AI to create new types of malware, a troubling development that emerged soon after the launch of ChatGPT in late 2022. The new types of malware are specifically designed to bypass endpoint detection and response (EDR), showing a new level of sophistication and use for threat actors.
While mainstream AI tools, such as ChatGPT, have added filters to prevent users from instructing them to generate malicious content, these measures are far from perfect. Skilled attackers have discovered ways to fool AI systems into creating malicious code under the guise of testing vulnerabilities or improving security measures. Moreover, AI applications on the dark web are explicitly designed for malicious purposes, lacking any ethical limitations or safeguards.
Threat actors also use AI to produce malware and sophisticated phishing and smishing efforts. AI helps make these messages more convincing and limits any mistakes, thus making them harder to identify than traditional phishing attempts, which typically have spelling and grammar mistakes.
Chat platforms: A new arena for cyber attacks
Another concerning trend is the exploitation of chat platforms for cyberattacks. These platforms are becoming common channels for distributing malware and orchestrating social engineering schemes.
As indicated in the ExtraHop Cyber Confidence Index 2024, 39% of firms in Singapore acknowledge that more than half of their cyber incidents are due to poor cyber hygiene. Chat apps ultimately allow people to send direct messages and request sensitive information, which increases the risk posed by these attacks as information can be freely shared without any limitations in most cases. This puts the onus on the users to make secure decisions.
Moreover, these browser-based chat apps can bypass traditional perimeter controls, like firewalls, which usually bypass most web traffic. This capability enables attackers to access corporate networks without barriers, which allows them to distribute and deliver malware and potentially steal data.
Although antivirus software and EDR platforms can notify security teams about known malware from chat apps, attackers constantly seek ways to evade these defenses. This enables new or disguised malware opportunities, highlighting the need for strong post-compromise security and network-based detection capabilities.
APIs: The hidden weak points
Lastly, threat actors exploit vulnerabilities in application programming interfaces (APIs), which are crucial for enabling communication and data sharing between applications. Poorly configured APIs can inadvertently expose sensitive data, like user details, during a login attempt.
If the API contained plain text usernames and passwords, the threat actor now has the login credentials for both the compromising user and the compromised site. With these APIs, sharing user ID numbers could allow attackers to mine other user IDs, effectively compromising additional accounts.
APIs are vulnerable to attacks, and several powerful applications on the market enable organizations — and attackers — to monitor them for vulnerabilities. Techniques like “fuzzing,” where attackers send increasingly large garbage strings to an API in place of expected data, can create buffer overflows and potentially cause the API to expose sensitive information.
Attacks on APIs and associated websites are also numerous. Common occurrences are cross-site scripting, server-side request forgeries, and SQL injections. Cross-site scripting, for example, allows an attacker to place or transmit malicious scripts into the code of a trusted website or other trusted application.
Comprehensive security measures are crucial
Regardless of the threat — AI-generated malware, exploitation of chat services, or API vulnerabilities — organizations must remain vigilant and bolster their defenses to reveal cyber risks and build business resilience.
To accomplish these goals, installing and maintaining secure network detection and response systems is a must. These systems enhance security by tracking network traffic and spotting suspicious activity, including lateral movements, reconnaissance, and data exfiltration efforts. They are vital to an organization’s overall security strategy and effectively detect various attack tactics targeting applications and APIs.
Keeping pace with the rapidly evolving cyber threat landscape is essential for staying ahead of emerging threats. By understanding these advanced strategies and implementing robust security solutions, organizations can fortify their defenses against the sophisticated tactics of threat actors.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Image credit: iStockphoto/Orla
Chris Thomas, ExtraHop
Chris Thomas is the senior security advisor for APJ at ExtraHop.