Current:Home > Contact-usMicrosoft says US rivals are beginning to use generative AI in offensive cyber operations-DB Wealth Institute B2 Expert Reviews
Microsoft says US rivals are beginning to use generative AI in offensive cyber operations
View Date:2024-12-23 23:02:36
BOSTON (AP) — Microsoft said Wednesday it had detected and disrupted instances of U.S. adversaries — chiefly Iran and North Korea and to a lesser extent Russia and China — using or attempting to exploit generative artificial intelligence developed by the company and its business partner to mount or research offensive cyber operations.
The techniques Microsoft observed, in collaboration with its partner OpenAI, represent an emerging threat and were neither “particularly novel or unique,” the Redmond, Washington, company said in a blog post.
But the blog does offer insight into how U.S. geopolitical rivals have been using large-language models to expand their ability to more effectively breach networks and conduct influence operations.
Microsoft said the “attacks” detected all involved large-language models the partners own and said it was important to expose them publicly even if they were “early-stage, incremental moves.”
Cybersecurity firms have long used machine-learning on defense, principally to detect anomalous behavior in networks. But criminals and offensive hackers use it as well, and the introduction of large-language models led by OpenAI’s ChatGPT upped that game of cat-and-mouse.
Microsoft has invested billions of dollars in OpenAI, and Wednesday’s announcement coincided with its release of a report noting that generative AI is expected to enhance malicious social engineering, leading to more sophisticated deepfakes and voice cloning . A threat to democracy in a year where over 50 countries will conduct elections, magnifying disinformation and already occurring,
Here are some examples Microsoft provided. In each case it said all generative AI accounts and assets of the named groups were disabled:
— The North Korean cyberespionage group known as Kimsuky has used the models to research foreign think tanks that study the country, and to generate content likely to be used in spear-phishing hacking campaigns.
— Iran’s Revolutionary Guard has used large-language models to assist in social engineering, in troubleshooting software errors, and even in studying how intruders might evade detection in a compromised network. That includes generating phishing emails “including one pretending to come from an international development agency and another attempting to lure prominent feminists to an attacker-built website on feminism.” The AI helps accelerate and boost the email production.
— The Russian GRU military intelligence unit known as Fancy Bear has used the models to research satellite and radar technologies that may relate to the war in Ukraine.
— The Chinese cyberespionage group known as Aquatic Panda — which targets a broad range of industries, higher education and governments from France to Malaysia — has interacted with the models “in ways that suggest a limited exploration of how LLMs can augment their technical operations.”
— The Chinese group Maverick Panda, which has targeted U.S. defense contractors among other sectors for more than a decade, had interactions with large-language models suggesting it was evaluating their effectiveness as a source of information “on potentially sensitive topics, high profile individuals, regional geopolitics, US influence, and internal affairs.”
In a separate blog published Wednesday, OpenAI said the techniques discovered were consistent with previous assessments that found its current GPT-4 model chatbot offers “only limited, incremental capabilities for malicious cybersecurity tasks beyond what is already achievable with publicly available, non-AI powered tools.”
Last April, the director of the U.S. Cybersecurity and Infrastructure Security Agency, Jen Easterly, told Congress that “there are two epoch-defining threats and challenges. One is China, and the other is artificial intelligence.”
Easterly said at the time that the U.S. needs to ensure AI is built with security in mind.
Critics of the public release of ChatGPT in November 2022 — and subsequent releases by competitors including Google and Meta — contend it was irresponsibly hasty, considering security was largely an afterthought in their development.
“Of course bad actors are using large-language models — that decision was made when Pandora’s Box was opened,” said Amit Yoran, CEO of the cybersecurity firm Tenable.
Some cybersecurity professionals complain about Microsoft’s creation and hawking of tools to address vulnerabilities in large-language models when it might more responsibly focus on making them more secure.
“Why not create more secure black-box LLM foundation models instead of selling defensive tools for a problem they are helping to create?” asked Gary McGraw, a computer security veteran and co-founder of the Berryville Institute of Machine Learning.
NYU professor and former AT&T Chief Security Officer Edward Amoroso said that while the use of AI and large-language models may not pose an immediately obvious threat, they “will eventually become one of the most powerful weapons in every nation-state military’s offense.”
veryGood! (66)
Related
- Off the Grid: Sally breaks down USA TODAY's daily crossword puzzle, Something Corporate
- Indonesia top court rejects presidential age limit, clearing legal path for 72-year-old frontrunner
- US renews warning it will defend treaty ally Philippines after Chinese ships rammed Manila vessels
- DHS warns of spike in hate crimes as Israel-Hamas war intensifies
- Powerball winning numbers for November 11 drawing: Jackpot hits $103 million
- Do manmade noise and light harm songbirds in New Mexico’s oil fields? These researchers want to know
- Max Verstappen wins USGP for 50th career win; Prince Harry, Sha'Carri Richardson attend race
- Scorpio Season Gift Guide: 11 Birthday Gifts The Water Sign Will Love
- Roster limits in college small sports put athletes on chopping block while coaches look for answers
- Detroit police say they’ve identified several people of interest in synagogue president’s killing
Ranking
- Get $103 Worth of Tatcha Skincare for $43.98 + 70% Off Flash Deals on Elemis, Josie Maran & More
- Katharine McPhee Shares Secret to Success of Her and David Foster's Marriage
- Chick-fil-A reportedly agrees to $4.4 million settlement over delivery price upcharges
- EPA proposes banning cancer-causing chemical used in automotive care and other products
- Former West Virginia jail officer pleads guilty to civil rights violation in fatal assault on inmate
- School shooting in Brazil’s Sao Paulo leaves one student dead
- Are you leaving money on the table? How 1 in 4 couples is missing out on 401 (k) savings
- Snoop Dogg gets birthday surprise from 'Step Brothers' Will Ferrell and John C. Reilly
Recommendation
-
Texas man accused of supporting ISIS charged in federal court
-
Detroit synagogue president found murdered outside her home
-
A price cap on Russian oil aims to starve Putin of cash. But it’s largely been untested. Until now
-
'You want it to hurt': Dolphins hope explosive attack fizzling out vs. Eagles will spark growth
-
Timothée Chalamet Details How He Transformed Into Bob Dylan for Movie
-
University of Michigan slithers toward history with massive acquisition of jarred snake specimens
-
Detroit police say they’ve identified several people of interest in synagogue president’s killing
-
5th suspect arrested in 2022 ambush shooting outside high school after football scrimmage