AI and supply chain attacks top cyber threats, warns Kaspersky

Supply chain attacks, vulnerabilities in artificial intelligence (AI), and the infiltration of trusted communities are emerging as significant cyber threat trends, according to Russian security firm Kaspersky.

Ransomware remains the most prevalent form of cybercrime globally, with perpetrators operating it as a business model known as ransomware as a service. Igor Kuznetsov, Director of Kaspersky’s Global Research & Analysis Team, shared these insights at the recent APAC Cyber Security Weekend themed Post AI: Building a Safer Tomorrow, held in Sri Lanka.

Kuznetsov highlighted that the most commonly exploited infection vectors are public-use applications, followed by account compromises and brute-force attacks on credentials.

An emerging concern is the compromise of supply chains and trusted relationships, with half of such incidents going unnoticed until after the attack has succeeded. Government, financial institutions, and manufacturing sectors are the most frequently targeted, Kuznetsov noted.

Cybercriminals have devised a sophisticated attack aimed at iOS devices called Operation Triangulation. This attack exploits critical hardware vulnerabilities in Apple’s central processing units, enabling hackers to take full control of infected phones without user interaction.

The method involves sending a malicious iMessage, which, when opened, installs harmful software on the device. Apple has patched these vulnerabilities but users are advised to keep their iOS devices updated, regularly restart their phones, and exercise caution with iMessages.

Phishing attacks

Alexey Antonov, head of Kaspersky’s data science team, warned that AI can enhance social engineering attacks by creating more natural-sounding emails and inputs for phishing attacks, generating passwords, helping code malware, and even performing password attacks.

The rise of AI also means cybercriminals can target victims with adversarial attacks, making small modifications to files so that AI systems misclassify malware as safe files. To improve security and detection rates, Kaspersky simulates adversarial attacks on its malware detection models.

AI-related attacks have surged recently. While some attacks using AI require highly skilled data scientists and significant effort, others can deploy publicly available tools. With AI now able to crack passwords three times faster than before, 78% of passwords can be cracked in under 60 minutes.

Antonov pointed out that some AI models can be forced to perform unexpected actions. For instance, last year saw several prompt attacks on large language models.

“For Kaspersky, we can leverage AI to detect malicious attacks and emerging threats, especially considering the number of potential malware cases, with 411,000 unique malware samples detected daily in 2024 and over 403,000 daily in 2023.”

Vitaly Kamluk, a cybersecurity expert at Kaspersky, explained that modern supply chains include the flow of information, software, and digital services. Supply chain attacks can damage critical infrastructure such as hospitals, banks, and airlines.

Widespread crashes

A recent example of supply chain failure occurred when the US-based cybersecurity company CrowdStrike issued an erroneous software update, causing widespread crashes of Microsoft Windows computer systems around the world.

Kamluk mentioned that potential avenues for supply chain attacks on machine learning models include manipulating training data to introduce biases and vulnerabilities or modifying the AI model with an altered version to produce incorrect outputs.

In a specific case, faulty software in the Linux XZ utility tool was compromised in a supply chain attack. A backdoor was inserted into the software, allowing attackers to monitor all connections to the infected machine and authenticate themselves using a hidden key. This sophisticated backdoor was designed to evade detection.

Attackers also infiltrate trusted communities by creating fake personas, contributing code to open-source projects, and waiting for an opportune moment to inject malicious code.

Kamluk stated that AI is set to revolutionise cybersecurity through various applications. AI can autonomously adapt defences in real-time, enforce strict access controls with zero-trust architecture, analyse human behaviour patterns for anomalies, detect deepfakes, predict potential security breaches, and respond rapidly to cyber incidents.

Furthermore, AI can streamline security operations by intelligently managing and coordinating security tools and processes.

Unauthorised access

Supply chain attacks on AI are a growing concern. One method involves manipulating training data to degrade model performance, which can be executed by malicious insiders or by compromising the data source.

Additionally, attackers can embed hidden activation functions within AI tools to gain unauthorised access to sensitive data. Intentional malfunctions or vulnerabilities can also be introduced into AI models, creating a time-bomb effect that undermines the AI’s capabilities over time.

These attacks underscore the need for robust security measures in the AI supply chain.

Adrian Hia, managing director of Asia Pacific at Kaspersky, emphasised the inevitability of AI integration for many organisations. However, stakeholders must be aware of data compliance, especially when combined with AI.

Policies need to be implemented to govern how confidential data is handled and what aspects of that data are accessible by AI, said Hia.

“Leveraging multiple systems through on-premises, private, hybrid, and multi-cloud environments to ensure uptime and business resilience is key to minimising IT outage risks.”