The digital landscape is undergoing a transformation with the integration of artificial intelligence (AI) into both offensive and defensive cybersecurity strategies, cybersecurity watchdog Trend Micro has warned.
Digital threats have evolved from rudimentary mass-email attacks into sophisticated, custom-tailored schemes facilitated by AI. This AI-driven threat landscape warrants a top-down reevaluation of how organizations defend against increasingly complex threats, Trend Micro officials said at the kickoff of the Philippine leg of the company’s Risk to Resilience World Tour 2024 at Shangri-La BGC on May 16.
“We really can’t talk about the threat landscape anymore without talking about AI,” said Shannon Murphy, Trend Micro’s global risk and security strategist. “The way we defend against more comprehensive attacks needs to be rethought as well.”
Traditionally, phishing attacks — which make up the bulk of common cybersecurity threats — relied on generally-worded mass emails targeting a broad audience with low success rates, Murphy noted.
The infamous “Nigerian Prince” scams are a relic of this era, characterized by poor grammar and outright deception. However, cybercriminals are now using AI to craft more convincing, individualized messages on a massive scale, blending mass delivery with focused messaging strategies.
Modern phishing attacks are more legitimate and compelling, making them harder to detect, Trend Micro said. To combat this, organizations need to also utilize AI-based countermeasures, such as writing style analysis to detect anomalies in executive communications, and computer vision to identify fake login pages down to the pixel level.
AI’s capabilities also extend beyond phishing: deepfakes and audio fakes are emerging threats, with high-resolution outputs becoming increasingly accessible through open-source technologies and SaaS applications.
From a defense perspective, Murphy recommended that companies focus on verification for financial transactions and data transfers; limiting access to zero-trust frameworks; and establishing robust communications protocols.
It is also advisable to never calling unknown numbers so to avoid providing AI tools with the necessary training data to make their own deepfakes, and also ensuring that employees are only given the information necessary for their roles.
As the Philippines approaches its mid-term elections in 2025, the impact of AI on cybersecurity is becoming all the more evident and relevant, according to Trend Micro.
Unlike previous elections where standard one-size-fits-all messages were broadcast over social media, AI now enables the creation of countless custom messages, complicating the detection and eradication of misinformation. Protecting data integrity and ensuring cybersecurity for campaign operations are thus paramount concerns.
Trend Micro Philippines country manager Ian Felipe said that it is essential for Filipinos to recognize these evolving threats and seek assistance from security companies: “This is something not new to the Philippines. It’s high time for Filipinos to really see that this is happening,” he warned.
Felipe concluded by saying that the promise of generative AI to streamline processes and aid quick decision-making still holds true, but it is not without attendant risks.
