Attackers using AI in ransomware campaigns

Threat actors are using artificial intelligence to shape phishing and ransomware campaigns, and are expected to increasingly look to generative AI to craft more effective attacks, according to research from Barracuda Networks.

An analysis of 175 successful ransomware attacks across the world committed between August 2022 and July 2023 found that the number of reported attacks has doubled across all industries covered by the research since last year.

The most targeted industries include the local government sector (which accounted for 21% of analysed attacks), health care (18%) and education (18%), Barracuda Networks said.

Attackers have been using generative AI to help create believable phishing emails, which is leading to attack campaigns that lack the spelling and grammar mistakes that have typically been telltale signs of illegitimate emails, the research found.

Use of generative AI is extending to trawling social media to make attacks more customised to the victims. Attackers are meanwhile using the code-generation capabilities of generative AI to write malicious code for exploiting software vulnerabilities.

In tandem, these changes could ensure that the skill required to start a ransomware attack could be reduced to constructing a malicious AI prompt or having access to ransomware-as-a-service tools, the research indicates.

Business email compromise (BEC) meanwhile remains the most common attack type discovered by Barracuda’s security operations centre teams (36.4%), followed by ransomware (27.3%), malware infections (15.2%) and insider threats (12.1%).

Image credit: iStock.com/WhataWin