Last year, a finance employee of a multinational company transferred more than 25 million dollars after his CFO instructed him to do so in a video meeting. Just one little snag: the request did not actually come from the CFO, but from a deepfake impersonation of the CFO and a number of colleagues attending the online meeting.
For a long time, artificial intelligence (AI) and self-learning machines seemed like something out of science fiction, but the CFO case study shows that reality has now caught up with our imagination. That is especially true since ChatGPT became known to the general public, along with chatbots, computer translations, artificially generated videos and other AI products, all of which have now become commonplace.
‘Lots of things are changing and this is due to the fundamentally increasing power of large language models (LLMs),’ says Daan Raman, co-founder and innovation director at Nviso, the Brussels-based cybersecurity company. ‘So much so, that since last year, a model such as this has actually been able to reason for itself. This means that the age of AGI (artificial general intelligence – i.e. AI that is able to think just about as well as a human being) is drawing ever nearer. Much of what AI was capable of doing is now being done much more efficiently.’
'At DNS Belgium, a proprietary AI tool assesses whether each new domain name registration is being made with malicious intent.'
This means that AI is increasing efficiency in many areas, including cybersecurity. For example, AI or Machine Learning (ML) can make network security and fraud detection software more powerful – or else make it easier to detect anomalies on the network.
‘At DNS Belgium, we do this using Regcheck, an AI tool we developed ourselves that assesses whether any new domain name registration is being made with malicious intent,’ says Maarten Bosteels, head of R&D at DNS Belgium. ‘That initial check is now carried out much more efficiently with the help of AI. We used to have rules for doing that, but today we have a self-learning system that is also able to recognise new patterns. So, if a fraudster changes their approach, there’s a good chance that Regcheck will detect it.’
Raman: ‘For example, AI is extremely useful when analysing phishing emails. If you do that using humans only, chances are you’ll miss certain subtleties. Today, this task is done partly by AI. I emphasise “partly”, because issues such as hallucinations remain. But in an ideal world, you should combine traditional analysis carried out by humans with analysis provided by AI.’
At DNS Belgium, we also combine AI with human skills. Bosteels again: ‘Regcheck decides which domain names require additional checks, and no humans are involved in this process. However, any follow-up is usually carried out by a human.’
Thomas Daniels, a researcher at DNS Belgium: ‘For new registrations, you have to do this proactively because there’s no website that can do it yet. So detecting and removing fraudulent online stores cannot be handled by AI alone. Because if the system were to make a mistake and make it impossible to access a legitimate site, the effect on the company behind that domain name could be significant.’
AI and ML as weapons used by cybercriminals
In the meantime, cybercriminals have also discovered that AI can be used as a powerful tool to facilitate their work.
ENISA (the EU agency for cybersecurity), Europol and other cybersecurity institutions recorded a doubling in the number of cyber attacks using AI between the fourth quarter of 2023 and the first quarter of 2024. As the example of the fake CFO mentioned above shows, AI can help cybercriminals to make their attacks smarter and more convincing.
‘Until two years ago, you pretty much had to have a PhD to be able to do that with any credibility,’ according to Nviso’s security expert. ‘Today, though, there are tools available for creating a fake video in any language you want – complete with the lips perfectly synchronised with the audio. So we then made a video for a bank in which their CEO gave a thirty-second speech. That type of video used to take two weeks of work to produce. But with the right tools, you can do it in three hours today. It’s incredible what’s possible these days.’
Phishing 2.0
Whereas previously you used to see language errors or strange sentence structures in phishing messages, AI now writes credible, error-free emails. With machine learning, tools are able to learn from previous communications to generate emails that perfectly mimic the writing style of a person or institution.
Raman: ‘AI can draft emails like this round the clock, whereas a targeted phishing email to a specific individual used to require hours of gathering information and carefully crafting a script or email. That’s why these types of messages focused primarily on CEOs, because if they succeeded, the “profit” achieved was often substantial. And artificial intelligence never gets tired, so you can assign it tasks covering hundreds of individuals and it will gather information independently about them and then compose a near-perfect email – all for just a few euros. This is a major shift in how targeted phishing is carried out today.’
Smarter cyber attacks and malware
Just as AI and ML help to protect against cyber attacks, criminals are also using them to scale up their actions to unprecedented levels of complexity and speed. As an example, last year these developments resulted in the first ransomware created entirely by AI.
Software such as ChatGPT has a number of built-in safeguards to prevent users from creating malicious code. But anyone smart enough can still circumvent these obstacles or find AI tools that are less strict in this regard. And there is now such a thing as “polymorphic malware”, which is AI-generated malware that constantly changes its code to circumvent detection and security software.
‘This type of malware writes its own script to circumvent detection and is flexible enough to match the target,’ says Raman. ‘This makes it difficult to create recognition patterns (signatures) for malware. In the past, viruses had specific characteristics that a scanner could search for. Today, those characteristics are no longer fixed and so a security system has to look at the type of behaviour.’
AI as a defence tool
Fortunately, cybersecurity experts and cybercriminals are fighting on equal terms and the efforts of the experts mean that suspicious situations can be detected more quickly.
Lightning-fast detection of threats
AI is able to learn what normal behaviour looks like in a system or network and then analyse it. It detects any deviation from normal behaviour in files or by users or network traffic and can report it as a potential threat.
This technology goes further than traditional methods by continuously learning, adapting quickly and providing real-time alerts and automated responses to known and unknown threats.
At the same time, Daniels, who is a researcher at DNS Belgium, adds the qualification that recent developments in language models (LLMs) and hence generative AI (genAI) are only part of the whole story. ‘We use tools based on a model architecture dating from 2017 and today, they work in a similar way,’ he says. ‘Other tools, which are based on language models, have of course improved thanks to the developments made in recent years.’
Often useful, but not always necessary
The big advantage of AI lies not only in its speed of detection, but also in its processing capacity. AI is able to simultaneously screen and process enormous data streams from various sources (log files, network traffic, user activity). It can also detect anomalies extremely quickly that remain invisible to humans.
At the same time, we also have to add the qualification that while AI is able to do a great deal, it is not the best solution in every situation. ‘Not all automation is AI,’ explains Bosteels. ‘When you’re programming things that are rule-based, they are generally faster to run than an AI system – and they require fewer resources to operate.’
What is DNS Belgium doing?
At DNS Belgium, we have been using the capabilities of AI and ML for years to keep the Internet in Belgium secure.
Back in 2019, we began developing an open source crawler that automatically collates publicly available data from .be domain names. This data provides the input, among other things, to detect fraudulent online stores.
We have developed an AI model with Regcheck that assesses whether a newly registered domain name is likely to be used for phishing or other fraudulent activities. The people behind these domain names are then subjected to an identity check before their domain becomes available. This is how DNS Belgium takes preventative action against abuse.
DNS Belgium is also hard at work increasing digital literacy and awareness of cybersecurity. This enables us to ensure that more people can recognise online threats or scams, regardless of whether AI is used in the process or not.
With this article, we support the United Nations Sustainable Development Goals.