Trend Micro warns of GenAI-powered attacks

Cybersecurity leader Trend Micro issued a stark warning this week, predicting a surge in sophisticated social engineering attacks powered by generative AI (GenAI) in 2024.

The “tsunami” of threats, fueled by hyper-realistic written, audio and video content, will challenge traditional defenses and necessitate a shift towards advanced security controls, it said.

“Advanced large language models (LLMs), proficient in any language, pose a significant threat as they eliminate the traditional indicators of phishing such as odd formatting or grammatical errors, making them exceedingly difficult to detect,” Eric Skinner, VP of market strategy at Trend Micro, said.

“Businesses must transition beyond conventional phishing training and prioritize the adoption of modern security controls. These advanced defenses not only exceed human capabilities in detection but also ensure resilience against these tactics, he added.

Trend Micro said that the widespread availability of GenAI tools, coupled with generative adversarial networks (GANs), is expected to dramatically lower the barrier to entry for cybercriminals.

This will facilitate a surge in business email compromise (BEC) scams, virtual kidnappings, and other targeted attacks.

Likewise, it added that the potential for lucrative gains will further incentivize threat actors, who may develop their own AI tools or exploit existing ones through stolen credentials and virtual private networks (VPNs).

Even AI models themselves are at risk, with specialized cloud-based systems vulnerable to data poisoning attacks aimed at stealing sensitive data or disrupting critical infrastructure.

The company said that these trends could trigger increased regulatory scrutiny and prompt the cybersecurity industry to take proactive measures.

“In the coming year, the cyber industry will begin to outpace the government when it comes to developing cybersecurity-specific AI policy or regulations,” said Greg Young, VP of cybersecurity at Trend.

“The industry is moving quickly to self-regulate on an opt-in basis.”

Also rising are cloud-native worm attacks that exploit  vulnerabilities and misconfigurations, latching onto multiple containers, accounts, and services within cloud environments.

Trend Micro maintained that organizations must prioritize robust defense mechanisms and thorough security audits to mitigate risks associated with cloud-native applications.