AI tools are being increasingly abused to launch cyberattacks
ChatGPT, Gemini, and Claude are often the origin of advanced cyberattacks
A growing number of cyberattacks are being launched with the help of Artificial Intelligence (AI) and Large Language Models (LLM), new research has claimed.
A report from Imperva noted between April and September 2024, its Threat Research team analyzed thousands of attacks, finding retail sites collectively experience more than 500,000 AI-powered attacks every day.
These attacks, the researchers explain, often originate from AI tools such as ChatGPT, or Gemini, alongside bots designed to scrape websites for LLM training data. Cybercriminals were said to be using these tools mostly in business logic abuse attacks, DDoS attacks, bad bots attacks, and API violations.
Business logic attacks
Business logic abuse was described as the most common AI-driven attack, taking up almost a third (30.7%) of all incidents. It involves abusing legitimate features of different apps and APIs to carry out cyberattacks. DDoS are a close second (30.6%), while bad bot attacks take up a fifth (20.8%). The bots are designed to scrape pricing data, run credential stuffing, as well as inventory hoarding.
"In previous years, we've seen security threats like Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats,” said Nanhi Singh, General Manager of Application Security at Imperva.
Singh added retail businesses need robust defenses, and a comprehensive strategy, otherwise, they are risking losing sensitive personal information, including credit card details, people’s addresses, and other account information. Identity theft and similar attacks can lead to a tarnished image, loss of business, lawsuits, and regulator fines.
More from TechRadar Pro
- The rise of identity-related cyberattacks: costs, challenges and the role of AI
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.