Google Uncovers Hackers Using AI for Zero-Day Attack

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points. Google cybersecurity researchers said in a Monday (May 11) report that they uncovered hackers using artificial intelligence to take advantage of so-called “zero-day” flaws.

The discovery is a first for the Google Threat Intelligence Group (GTIG), which also explored in the report the way AI “serves as both a sophisticated engine for adversary operations and a high-value target for attacks.”
“Threat actors are leveraging AI to augment various phases of the attack lifecycle,” the report said. “This includes supporting the development of vulnerability exploits and malware, facilitating autonomous execution of commands, enabling more targeted and well-researched reconnaissance, and improving the efficacy of social engineering and information operations.”
Zero-day attacks involve cybercriminals exploiting a previously unknown flaw in a system’s hardware or software before a developer has a chance to address that vulnerability.
In the incident Google found, hackers exploited a zero-day vulnerability in a Python script that allows the user to get around two-factor authentication on a “popular open-source, web-based system administration tool,” per the report. GTIG worked with the vendor in question to disclose the vulnerability and put a stop to the threat.
“Although we do not believe Gemini was used, based on the structure and content of these exploits, we have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability,” the report said.Advertisement: Scroll to Continue

A spokesperson for Google told Bloomberg News that the researchers also don’t think Anthropic’s Mythos model was used. Anthropic has said it would not make Mythos widely available, as the way it employs AI to spot software vulnerabilities makes it a risk to national security.
Meanwhile, AI has brought the cost of running a convincing fraud campaign to almost zero.
“Automated tools let criminals generate personalized phishing messages, impersonate executives, localize content for any market and run multiple schemes in parallel without specialist skills,” PYMNTS reported May 4.
The FBI’s Internet Crime Complaint Center received more than 22,000 complaints referencing AI last year, its first year recording AI-related crimes as a separate category. Total internet crime losses came to $20.9 billion, compared to $16.6 billion the previous year.
For all PYMNTS AI coverage, subscribe to the daily AI Newsletter.