September 24, 2024 at 01:07PM
HP identified a new email campaign distributing AI-generated malware. The malware involves an encrypted HTML attachment and employs uncommon techniques, indicating potential use of generative AI. Researchers found the malware payload to be basic, raising concerns that novice attackers are leveraging AI. This development signals the increasing threat of AI-generated malware.
HP discovered a phishing email with a common invoice-themed lure and an encrypted HTML attachment. The email used HTML smuggling to avoid detection, and the attachment included a VBScript that acted as the dropper for the infostealer payload. Researchers at HP identified several unusual aspects of this attack, including the presence of comments in the VBScript and the use of the French language, which led them to suspect that the script was not written by a human but was generated by gen-AI technology. This suspicion was further supported by the researchers' own gen-AI producing a script with a very similar structure and comments.
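A static triage check that a mail gateway or analyst could run on HTML attachments of the kind described above, as an added example that is not from HP's research or the original page. The indicator patterns, the size threshold and the sample inputs are constructed assumptions about how HTML smuggling with a hidden payload commonly looks, not details of this campaign.

```python
import re

# Heuristic indicators of HTML smuggling (assumed patterns, not campaign IoCs).
INDICATORS = {
    "blob_construction": re.compile(r"new\s+Blob\s*\(", re.I),
    "object_url": re.compile(r"URL\.createObjectURL|msSaveOrOpenBlob", re.I),
    "forced_download": re.compile(r"\.download\s*=|<a[^>]+\bdownload\b", re.I),
    "in_page_decryption": re.compile(r"crypto\.subtle\.(decrypt|importKey)|CryptoJS\.", re.I),
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
}
ENCODED_CHARS = re.compile(r"[A-Za-z0-9+/=]+")


def triage_html_attachment(html: str, min_run: int = 2000) -> dict:
    """Score an HTML attachment; min_run is an assumed payload-size threshold."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(html))
    longest = max((len(m) for m in ENCODED_CHARS.findall(html)), default=0)
    if longest >= min_run:
        hits.append("large_encoded_blob")
    # Smuggling needs both halves: script that builds a file locally, and
    # content hidden from gateway scanning (encrypted or bulk-encoded).
    builds_file = "blob_construction" in hits and (
        "object_url" in hits or "forced_download" in hits)
    hides_payload = "in_page_decryption" in hits or "large_encoded_blob" in hits
    if builds_file and hides_payload:
        verdict = "quarantine"
    elif builds_file or hides_payload:
        verdict = "review"  # e.g. an inline base64 image alone is common and benign
    else:
        verdict = "pass"
    return {"verdict": verdict, "indicators": hits}


# Constructed, non-functional samples (script bodies elided on purpose).
FILLER = "QUJD" * 600
SMUGGLING_SAMPLE = (
    '<html><body><script>var enc = "' + FILLER + '";'
    "var key = crypto.subtle.importKey(/* elided */);"
    "var file = new Blob([/* decrypted bytes, elided */]);"
    'var link = document.createElement("a");'
    'link.href = URL.createObjectURL(file); link.download = "invoice";'
    "</script></body></html>"
)
INLINE_IMAGE = '<html><body><img src="data:image/png;base64,' + FILLER + '"></body></html>'
BENIGN = "<html><body><h1>Invoice 1001</h1><p>Total due: 120.00 EUR</p></body></html>"

if __name__ == "__main__":
    for name, doc in [("smuggling", SMUGGLING_SAMPLE), ("image", INLINE_IMAGE), ("benign", BENIGN)]:
        print(name, triage_html_attachment(doc))
```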
The attack was deemed low-grade due to the minimal resources and skills required. The conclusion drawn from this attack raises concerns about the potential extensive use of AI by more seasoned adversaries to generate undetectable and unprovable malware.
The researchers believe that this incident provides tangible evidence of criminals using AI in the wild to generate malware, marking a significant step towards the emergence of new AI-generated payloads beyond just droppers.
According to Alex Holland, the pace of gen-AI technology’s capability growth suggests that the widespread usage and evolution of AI-generated payloads may happen within the next couple of years.
This suggests that the criminal use of AI is growing and may soon reach a point where it becomes more prevalent and difficult to combat. The emergence of AI-generated malware payloads poses a significant threat to cybersecurity, prompting the need for proactive measures and advancements in defensive strategies.
The content is related to Cyber Insights 2023 and highlights the growing criminal use of AI, which lags behind defenders. It also suggests preparing for the first wave of AI malware.