According to Gartner, attacks using artificial intelligence are the leading cyber threat.

For the third quarter in a row, Gartner found that AI-fueled cyberattacks pose the biggest risk to enterprises.

The consulting firm surveyed 286 senior risk and quality assurance executives from July to September, and 80% cited artificial intelligence-based malicious attacks as the top threat that worries them. This is not surprising as data shows that AI attacks are on the rise.

Other frequently mentioned emerging risks stated in the report include AI-fueled disinformation, growing political polarization, and misaligned organizational talent profiles.

Attackers use AI to write malware, create phishing emails, and more.

In June, HP intercepted an email campaign that distributed malware using a script that “It is very likely that it was written using GenAI.” VBScript was clearly structured, and each command had a comment that would have been an unnecessary effort for a human to write.

The researchers then used GenAI to create a script and obtained similar results, suggesting that the original malware was at least partially created by artificial intelligence.

SEE: 20% of generative AI jailbreak attacks are successful

Quantity business email compromise attacks detected by security firm Vipre in the second quarter were 20% higher than in the same period in 2023, and two fifths of them were created by AI. CEOs were the top targets, followed by HR and IT employees.

Usman Choudhary, Director of Products and Technology at VIPRE, said in an interview press release: “Attackers are now using sophisticated artificial intelligence algorithms to craft convincing phishing emails that mimic the tone and style of legitimate messages.”

Only on retail sites, on average, 569,884 AI attacks every day from April to September, according to Imperva Threat Research. The researchers said tools such as ChatGPT, Claude and Gemini, as well as special bots that crawl websites for LLM training data, are used, for example, to carry out distributed denial-of-service attacks and abuse business logic.

More ethical hackers also admit to using GenAI. the share has increased from 64% to 77% over the past yearThis is stated in the BugCrowd report. These researchers say it helps with channel attacks, fault injection attacks, and automating parallel attacks to compromise multiple devices at once. But if the good guys find AI valuable, then so do the bad actors.

The increase in such attacks should not come as a surprise.

AI can lower the barrier to entry for cybercrimeas less experienced criminals can use it to create deepfakes, scan networks for entry points, reconnaissance, and more. Researchers from ETH Zurich recently created a model that can solve Google reCAPTCHAv2 puzzles used to distinguish between humans and bots 100% of the time.

Analysts at security firm Radware predicted earlier this year that this newfound accessibility would lead to development of private GPT models used for nefarious purposes. They also predict that the number zero-day exploits And deepfake scam will increase as attackers become more adept at using LLM and generative adversarial networks.

Really, Mandiant Google tracked 97 zero-day vulnerabilities that were discovered and exploited in 2023, which was a record 56% increase a year earlier. Last month Microsoft included deepfakes among the most significant types of attacks used by increasingly prolific ransomware groups.

SEE: Deepfakes using artificial intelligence are becoming a risk for organizations in the Asia-Pacific region

Executives are also concerned about over-reliance on IT service providers.

IT vendor criticality also ranked among Gartner’s top concerns for senior risk and quality leaders for the first time this quarter.

Zachary Ginsburg, senior director of risk and audit practice research at Gartner, said in a Gartner press release: “Customers who concentrate services with a single provider may face increased risk from disruptions or unexpected changes to services. depending on new regulations or legal decisions in the EU, US or elsewhere.”

He hinted at July CrowdStrike incidentresulting in approximately 8.5 million Windows devices worldwide being taken offline and causing massive disruption to emergency services, airports, law enforcement and other critical organizations.

SEE: What is Crowdstrike? Everything you need to know

“Because third parties, such as SaaS providers, rely on other vendors, organizations may not realize the full extent of their vulnerability,” Ginsburg added. Gartner predicts that 45% of companies worldwide face attacks on their software supply chains by 2025.