AI & supply chain vulnerabilities

Cyberattacks on major organizations have highlighted the vulnerabilities of AI and supply chains. In recent years, there have been a number of high-profile cyberattacks that have targeted AI and supply chain systems. These attacks have shown that these systems are vulnerable to a variety of threats.

The cyber landscape continues to evolve as major organizations like British Airways, Boots, and the BBC face the aftermath of a crippling cyberattack. With payroll data compromised, attention now turns to the potential targeting of AI vulnerabilities. The battle against cyberattacks seems to have been lost, with vulnerabilities in AI becoming a potential future target, as per GlobalData.

The ingenuity behind these attacks is beyond the capability of most enterprises to prevent occurring. They can only take steps to be as resilient as possible. These attacks are tried and tested perhaps more than many realize. Analysis suggests the Clop ransomware gang has been looking for ways to exploit a now-patched zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) solution since 2021.

The battle to prevent these sorts of attacks from occurring has already been lost. What is important now for security specialists – companies, researchers, security vendors, and governments – is to put their best efforts into limiting as far as possible the use of artificial intelligence, including generative AI, by hackers for offensive purposes.

A recent event demonstrated that security researchers can too easily break through so-called guardrails instituted in AI software and manipulate the software into ignoring safety restraints and then revealing private information.

If they are not controlled, these vulnerabilities will lead to future AI-driven cyberattacks.

Even now, with developments in AI and the sheer volume of use cases for it, the question is, is the world moving into a darker place with the potential for adversarial machine learning attacks through vulnerabilities?”

The doxware incident, in which instead of cybercriminals encrypting data and demanding ransom in exchange for a decryption key, they threaten to publish the information, is one of a steadily increasing stream of similar incidents.

Prevention is critical. Organizations need to make sure they are running the most current anti-virus software. Another important defense is end-user education. Attackers often use phishing and other social engineering tactics to breach an enterprise.