1/18/2024 0 Comments Url redirector hackWell-formatted procedural tasks like these are perfect for automation via AI/ML. There are already publicly available tools for sale on the underground to send spam email, automatically craft convincing, targeted text when equipped with the right prompts, and scrape the Internet and social media for a particular target’s information and connections, but a lot of these tools are still manual and require attackers to target one user or group at a time. However, traditionally it has also required the most manual work to research and target victims. Spear phishing is one of the most effective tools attackers have to breach networks. This prediction: 2024 will see a boom in an emerging market for automated spear phishing tools, or a combination of tools, on the dark web. While AI/ML risks may still only account for a fraction of the attacks during 2024, we do expect to see threat actors really begin experimenting with AI attack tools and start to sell them on the underground. To support this spike in demand for managed security services, MSPs/MSSPs will turn to unified security platforms with heavy automation (AI/ML), to lower their cost of operations, and offset the difficulty they may also have in filling cybersecurity technician roles.ģ.ĚI Spear Phishing Tool Sales Boom on the Dark Web We expect the number of companies who look to outsource security to double due to both the challenging economy and difficulty in finding cybersecurity professionals. MSPs will enjoy significant growth in their managed detection and response (MDR) and security operations center (SOC) services IF they can build the team and infrastructure to support it. The answer is managed service and security service providers (MSP/MSSPs). Adding fuel to the fire, cybersecurity has a burnout problem (pun intended), which is why Gartner predicts nearly 50% of cybersecurity leaders will change jobs, contributing to a “great cybersecurity resignation.” With so many unfilled cybersecurity positions, how will the average small to midmarket company protect themselves? The last full-year estimate pegged the global number of unfilled cybersecurity jobs at 3.4 million, a figure that surely grew substantially in 2023. MSPs Double Security Services via Automated Platforms While a traditional breach that exposes that raw data is still possible, we believe threat actors may target the model itself to expose training data.ĭuring 2024, we forecast that a smart prompt engineer-whether a criminal attacker or researcher - will crack the code and manipulate an LLM into leaking private data.Ģ. Many of them retain input data for training purposes, which means you’re trusting the LLM vendor to store and protect it. But using a public LLM for tasks dependent on your proprietary or otherwise private data can put that data at risk. The potential scale of the problem gets scary when you consider that more and more organizations are trying to harness LLMs to improve their operational efficiency. While not exactly traditional hacking, “prompt engineers” have been working diligently in the shadows to develop techniques that effectively nudge LLMs out of their “sandbox” and into more dangerous waters where they can chart a course of their own with greater potential to yield malicious results. While the creators of LLMs have slowly tried to add safeguards that prevent bad actors from abusing LLMs for malicious purposes, like all security, it’s a cat-and-mouse game. The same LLMs that might help you draft a paper could also help criminals write a very convincing social engineering email. Threat actors and trolls love to turn benign emerging technologies into weapons for their own nefarious purposes and amusement. There’s a risk lurking underneath the fun surface, however. Large Language Models (LLMs) – AI/ML models that allow a computer to carry on a very convincing conversation with you and answer just about any question (though not always accurately) – have taken the world by storm. Prompt Engineering Tricks Large Language Models
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |