2023 appears on the face of it to have been a good year for cybersecurity. As we reporting latterly in November and December, great strides have been made in combatting many of the frauds hung around DCB – the battle not won, but certainly not lost.
However, the rise of SMS frauds and the increasing use of AI among cyber criminals to get smarter, faster and more niche has made the picture less rosy. As reported this week by Gcore in its excellent Radar Report, there has been a surge in high volume DDoS attacks in 2023, now being measured in terabits rather than gigabits.
Ransomeware attacks in 2023 also grew, with IBM reporting that March alone saw 400 attacks – with more than 34 on local government offices in the US that month.
So what does 2024 have in store for cyber security? Well, where 2023 may have been a ‘good’ year for the cyber security industry, this year is set to see a new wave of problems. AI and GenAI is, in the words of Charles Henderson, Global Head, IBM X-Force, going to make “customer acquisition” much easier for cyber criminals.
There is a lot of stolen data out there, but until now it has been relatively hard to extract all its value. GenAI now makes it possible to sift through all the data points and find all the value. If that wasn’t enough, GenAI will also be able to help the crims optimise target selection.
This will see both ‘civilians’ and corporations come under new levels of attack and new forms of security compromise. AI voice cloning, for example, could spell havoc with all manner of telemedia services. With voice tipped to be a biometric verification tool to supplant SMS OTP – which itself is seeing a different and costly fraud in AIT – security could be further weakened rather than improved.
Similarly, AI created deep fakes and fake shopping bots are also starting to hit merchants and retailers of all kinds with fraudulent traffic and fake orders, returns and other scams.
2024 is a year of global events that will also add grist to the fraudsters’ mill. The Paris Olympics is likely to see a surge in all manner of physical, social and digital frauds – not least phishing scams, social media cams and malicious app scams.
The raft of elections taking place in 2024 – US, UK, EU, Russia, India and more – is also set to see fake news and other ‘social engineering’ frauds proliferate – giving fraudsters not only a rich seam of new victims, but also a boost to their own bottomlines, which translates into more investment in AI and other tech to grow fraud further.
The rise in global conflict that started with the Russian invasion of Ukraine and continues in Gaza, the Houthi occupied regions of Sudan and across Ethiopia, Armenia and Azerbaijan to name just a few all act to destabilise vast swathes of the world – and fraud and crime thrive in chaos.
The AI-nswer is…
But while the landscape looks ripe for a festival of fraud of all stripes in 2024, there is hope. AI is propelling many of the frauds seen in telemedia to new and frightening heights, but it also holds the answer. GenAI is the tool that is helping fraudsters, but it is also the tool that will fight them.
As Evina points out, the AI and bot surge in 2023 has drastically changed the cyber landscape. With cybercriminals leveraging advanced Large Language Models (LLMs), such as ChatGPT, the risk of sophisticated fraud has intensified. As a result, Evina foresees a critical need for proactive defence mechanisms in 2024 to safeguard against these emerging threats.
All companies should be looking at how to reverse engineer AI back into their businesses to not only create new services and efficiencies, but to tackle new and future fraud. Using the power of GenAI against fraud – not least to use it to spot ever more sophisticated frauds and deep fakes – is going to be essential in the year ahead.
Outside of AI, there are other ways that fraud can be prevented. Research is now a key component of fraud prevention – the University of Birmingham being a case in point. It has found new ways to foil mobile phone account take overs.
Regulators, too, can play a role. On the payments front, we are likely to see more drafts of PSD3 this year, which provides a chance for financial institutions and PSPs to strengthen their dedication to consumer protection, improve their competitive edge, and foster innovation.
It is also always worth looking ahead too. While 2024 may have some AI-led frauds up its sleeve, these are all just things already on the mainstream radar. A lurking threat lies in Quantum computing. The huge processing power that these computers – which rely on quantum states rather than the binary nature of semiconductors, thus vastly increasing the number of individual calculations that can be undertaken simultaneously – means that traditional encryption could well be rendered useless. The computing power could also supercharge GenAI, exacerbating all the problems we have today, while generating new ones.
The trick, as ever, is to use the same tools, so while we all must be on our guard – and using AI to help us – perhaps we also need to look ahead to how things like quantum computing may also be something we need to sit up and take note of.