In 2023 alone, the Philippines ranked eighth worldwide in terms of ransomware detections, based on cybersecurity watchdog Trend Micro’s internal monitoring efforts.
The company on Tuesday, Jan. 23, issued a stark warning about the increasing threat of generative artificial intelligence (Gen AI) in the country.
“Attackers are using ever-sophisticated tools,” warned Trend Micro Philippines country manager Ian Felipe at a press conference held at the New World Hotel in Makati City.
Trend Micro anticipates a surge in these sophisticated cyberattacks through 2024, driven by the widespread availability and improved quality of Gen AI, coupled with the use of Generative Adversarial Networks (GANs).
This evolution is expected to facilitate the creation of hyper-realistic audio and video content, leading to a new wave of cyber threats, including business email compromise (BEC), virtual kidnapping, and other scams.
The company emphasizes the potentially lucrative gains for threat actors involved in malicious activities, leading to the development and utilization of nefarious GenAI tools. Threat actors may exploit legitimate tools with stolen credentials and VPNs to hide their identities, further complicating attribution.
“AI will make phishing more efficient, enabling cloud-based automated attacks and data poisoning,” warned Trend Micro Philippines senior security specialist Raymond Almanon.
“We’ve even found an AI-generated backdoor malware that’s polymorphic (highly adaptable) to avoid detection,” added Trend Micro Philippines senior threat researcher Monte de Jesus.
The Philippines is particularly in urgent need for industry-led regulations and innovative defense strategies to proactively deal with these threats, according to Trend Micro.
Additionally, Trend Micro predicts that AI models themselves may become targets in 2024. While Gen AI and LLM (large language model) datasets are challenging for threat actors to influence, specialized cloud-based machine learning models present an attractive target.
Data poisoning attacks, with outcomes ranging from exfiltrating sensitive data to disrupting fraud filters, are projected to cost less than $100 to execute.
The 2024 predictions report from Trend Micro also highlights other notable trends, including a surge in cloud-native worm attacks, increased supply chain attacks targeting identity management tools, and a rise in attacks on private blockchains due to vulnerabilities in their implementation.
In light of these evolving threats, organizations in the Philippines and the Asia-Pacific region are urged to proactively address security gaps in cloud environments, conduct thorough security audits, and stay vigilant against the growing sophistication of AI-driven cyberattacks.
The company emphasizes the potentially lucrative gains for threat actors involved in malicious activities, leading to the development and utilization of nefarious GenAI tools. Threat actors may exploit legitimate tools with stolen credentials and VPNs to hide their identities, further complicating attribution.
Moreover, Felipe sees the inevitable ubiquity of AI in the workplace as a boon that must be dealt with hand-in-hand with constant bane of similarly-equipped threat actors.
“Enterprises should be able to identify risks as they journey through their digital transformation. They should equip themselves with appropriate tools (to defend against cyberattacks),” he said.
Eric Skinner, global vice president of market strategy at Trend Micro, also highlighted the risk posed by advanced large language models (LLMs) proficient in any language.
These models eliminate traditional indicators of phishing, making detection exceedingly difficult. Skinner emphasizes the importance of transitioning beyond conventional phishing training and adopting modern security controls to ensure resilience against these advanced tactics.
