{"id":2082,"date":"2023-08-25T09:47:11","date_gmt":"2023-08-25T07:47:11","guid":{"rendered":"https:\/\/certitude.consulting\/blog\/?p=2082"},"modified":"2023-12-20T11:49:58","modified_gmt":"2023-12-20T09:49:58","slug":"skynet-wants-your-passwords-1","status":"publish","type":"post","link":"https:\/\/certitude.consulting\/blog\/en\/skynet-wants-your-passwords-1\/","title":{"rendered":"Skynet wants your Passwords! \u2013 AI and Social Engineering"},"content":{"rendered":"\n

As we explore the capabilities of modern AI in assisting us across both our personal and professional lives, malicious actors too are investigating its potential uses. In this series of blog posts, we delve into the realm of social engineering attacks that we need to be prepared for in this era of advanced AI. We aim to identify these threats and understand how to effectively defend against them. The initial post focuses on examining current attack scenarios and potential future developments.<\/strong><\/p>\n\n\n\n

Computers have significantly changed the scale at which we can process data, conduct simulations or communicate with one another. Similarly, AI may change the scale at which tasks that previously required humans can be conducted. For instance, crafting personalized emails for a thousand individuals formerly demanded humans to compose a thousand separate emails. Now it is feasible to instruct an LLM (large language model) like ChatGPT to create these mails.<\/p>\n\n\n\n

Just like any powerful tool, AI can be harnessed for both constructive and harmful purposes. While individuals might leverage AI to delegate email composition, similarly, attackers could exploit it to generate phishing emails. In the pre-AI era, executing social engineering attacks with a high success rate necessitated tailoring approaches to individual victims. Given the substantial effort involved, sophisticated social engineering attacks were predominantly aimed at high-value targets, such as orchestrating a CFO to initiate fund transfers. Today, AI tools enable mass customization of attacks, substantially diminishing the requisite investment. Consequently, we can anticipate a surge in highly targeted social engineering attacks directed at a broader audience.<\/p>\n\n\n\n

State of the art AI technologies yield content that closely resembles human-generated output (e.g., text, drawings) or closely mimics reality (e.g., images). Unsuspecting individuals are prone to perceiving such content as genuine, rendering them susceptible to automated social engineering attacks.<\/p>\n\n\n\n

Avenues of Abuse<\/h2>\n\n\n\n

AI empowers malicious actors with an array of social engineering techniques, including:<\/p>\n\n\n\n