The number of cyberattacks will “almost certainly” increase in the next two years as artificial intelligence lowers the entry barrier for less skilled hackers, Britain’s cyber chiefs say.
Ransomware continues to be the most acute cyber threat faced by businesses and organizations in the UK – a global problem that artificial intelligence (AI) will further exacerbate, a new report published by the National Cyber Security Centre (NCSC) said.
“AI is already being used in malicious cyber activity and will almost certainly increase the volume and impact of cyberattacks – including ransomware – in the near term,” said NCSC, which is part of the UK’s cyber spy agency GCHQ.
The report concluded that AI lowers the barrier of entry to novice cybercriminals, hackers-for-hire, and hacktivists.
“AI enables relatively unskilled threat actors to carry out more effective access and information-gathering operations,” NCSC said.
“This enhanced access, combined with the improved targeting of victims afforded by AI, will contribute to the global ransomware threat in the next two years,” it said.
The cyber agency said cybercriminals had already started to develop criminal generative AI, also known as GenAI, and to offer “GenAI-as-a-service,” making it available to anyone willing to pay.
However, the effectiveness of GenAI models will still be constrained by both the quantity and quality of data on which they were trained, the report said.
Lindy Cameron, chief executive at NCSC, said companies and organizations should make sure they keep up with ransomware and cybersecurity hygiene to strengthen their defenses and boost resilience.
“We must ensure that we both harness AI technology for its vast potential and manage its risks – including its implications on the cyber threat,” Cameron said.
“The emergent use of AI in cyberattacks is evolutionary not revolutionary, meaning that it enhances existing threats like ransomware but does not transform the risk landscape in the near term.”
According to the National Crime Agency (NSA), it’s unlikely that any other type of cybercrime will replace ransomware this year due to the financial rewards and established business model that it entails.
“Ransomware continues to be a national security threat. As this report shows, the threat is likely to increase in the coming years due to advancements in AI and the exploitation of this technology by cybercriminals,” said James Babbage, director general for threats at NSA.
Babbage added: “AI services lower barriers to entry, increasing the number of cybercriminals, and will boost their capability by improving the scale, speed, and effectiveness of existing attack methods. Fraud and child sexual abuse are also particularly likely to be affected.”
The British government has invested £2.6 billion ($3.3 billion) to improve the country’s cyber resilience as part of its Cyber Security Strategy.