Examples of cyberattacks launched with Artificial Intelligence

The main wish of cybercriminals when they launch a cyberattack is for it to achieve its goal, which is to infect a computer system with malware, so they can access the information it stores in order to demand an economic ransom for its recovery.

Cybersecurity experts (hackers) often say that cybercriminals "never sleep", as cyberattacks can occur at any time of day or night, and they are constantly seeking improvements to ensure that launched cyberattacks achieve their objectives. One of these enhancements is Artificial Intelligence (AI).

For cybercriminals, the use of AI technology to launch cyberattacks is becoming very popular, as it ensures greater efficiency and effectiveness of the cyberattack.

How Artificial Intelligence assists cybercriminals

When we talk about the use of AI to launch cyberattacks, we refer to the use of algorithms and computer systems to perform tasks that typically require human intervention.

However, thanks to the machine learning integrated within AI, this technology, without the need for human intelligence, is capable of detecting vulnerabilities and security gaps in computer systems more efficiently and on a large scale. It can also be used to generate and distribute malware and automate attack processes.

Examples of cyberattacks launched with Artificial Intelligence

AI is being used to launch different types of attacks, but undoubtedly, phishing and identity theft attacks are the most frequent. Attackers can use AI to generate personalized emails and text messages that appear legitimate, in order to deceive users into clicking on malicious links or downloading infected files.

A clear example we saw in the article we wrote about how ChatGPT can be used to launch cyberattacks, where we asked the chat to draft different types of messages to persuade a certain user to perform certain actions that put them at risk.

Next, we will show some examples of cyberattacks launched using Artificial Intelligence.

2021: Cyberattack on the Colonial Pipeline insurance company.

In May 2021, the United States insurance company Colonial Pipeline was cyberattacked by the DarkSide ransomware group. They used a combination of traditional hacking tools with Artificial Intelligence techniques to infiltrate the company's computer system and encrypt its data.

In exchange for the decryption key, the cybercriminals demanded a sum of money in Bitcoin.

The cyberattack resulted in the disruption of fuel supply across much of the East Coast of the United States.

Full news article

2019 - 2020: Detection of the DeepLocker malware

Between 2019 and 2020, a new type of malware called DeepLocker emerged. This malware utilizes artificial intelligence to hide its true nature and evade detection by security systems.

In addition, it has the ability to decide when to activate. In other words, once it enters a computer system, it can remain inactive for days, weeks, or even months without executing. It only activates when it receives a specific signal.

Full news article

2017: Cyberattack to decieve the users of Google Docs 

In 2017, a phishing campaign was discovered that utilized Artificial Intelligence to deceive Google Docs users. Cybercriminals created a malicious application closely resembling a legitimate Google Docs tool, but it actually collected user information and sent it to a server controlled by the cybercriminals.

Full news article

2016: One of the first cyberattacks to use AI

 In 2016, a cyberattack targeting a casino was detected, in which cybercriminals used Artificial Intelligence to obtain $500,000. To achieve this, they employed a phishing technique to gain access to the casino's network. Once inside the computer system, they used AI to analyze players' betting patterns and thus predict game outcomes.

2015: Cyberattack to the Ukranian electric grid

In this case, the cybercriminals used malware specifically designed to attack industrial control systems and disable power switches in several electrical substations, leaving 230,000 users without electricity for hours.

Full news article

Artificial intelligence as a method of cyberattack prevention

However, hackers and cybersecurity specialists have also observed that Artificial Intelligence-based technology can be used as a system to detect and prevent cyberattacks. This is possible because AI can analyze large amounts of data in real time and use machine learning algorithms to identify patterns of suspicious behavior.

For example, in ESED we work with a Firewall  that uses Deep Learning technology, allowing it to quickly and effectively detect unknown malware hidden in suspicious payloads.

We also conduct phishing simulations to know the security level of a system. Additionally, we implement ethical hacking techniques, launching controlled and harmless attacks against a system to detect its security vulnerabilities and implement appropriate cybersecurity measures.

Todo esto con las tecnologías más avanzadas, basadas, muchas de ellas, en Inteligencia Artificial. 

En realidad, cualquier tecnología puede utilizarse con fines ilícitos, al igual que se puede utilizar para fines lícitos. Esto no significa que esta no sea segura o tenga que vetarse, simplemente se trata de ir un paso por delante de los ciberdelincuentes y aprovechar la tecnología que ellos utilizan para lanzar ciberataques, como métodos de protección.

All of this with the most advanced technologies, many of them based on Artificial Intelligence.

In reality, any technology can be used for illicit purposes, just as it can be used for legitimate purposes. This does not mean that it is inherently unsafe or should be banned; it simply means staying one step ahead of cybercriminals and leveraging the same technology they use to launch cyberattacks as methods of protection.