GenAI used in sophisticated multi-vector Bot attacks

GEN AI

The proliferation of GenAI makes it inevitable that GenAI is going to be used by hackers in numerous attack types. Here are some of the more common uses.

• Establish Fake Authority in Compliance Based Attack: Many attacks rely on exploiting the natural tendency of some humans to be compliant to authority. So many frauds and scams often involve faking an authority figure, such as the Police Fraud investigator, a Banking security official, a court, or other authority figure. GenAI will be used to increase the veracity of the fake authority, for example by using their 'real' voice from a voice mail, or fake video of a real officer, that has been faked to make it more realistic. These deep fakes can be very difficult to spot. People susceptible to these compliance attacks often fall for them repeatedly. For example one recent scammer contacted people that had already been scammed paying thousands of dollars to illegal contractors for home renovation, got a call from a court official, saying they had some good news. Money was due back to them from the court, but they noticed the sales tax on the original bill had not been paid. The fake court angle again duped people out of their money a second time.
• Increasing Conversion Rate: Most of the major bot frauds rely on the fact that someone percentage of people will always fall for the scam. Increasing that conversion rate can make a dramatic improvement on the profitability of the entire fraud. GenAI techniques increase the likelihood that people will fall for the fraud by using realistic GenAI content, such as emails, photographic evidence, deep fake video's and highly realistic audio.

As we can see, the GenAI helps to reinforce and amplify existing attack patterns. Once a victim is convinced by the realistic content, it's much more difficult to prevent the fraud, as the compliant victim will go to great lengths to "help" with the investigation process, and will even comply with commands to not discuss the 'ongoing' fake investigation with others.

Machine Vision AI

Machine Vision AI is often used as part of multi-chain attack. For example core login pages and portal dashboards will be protected from attack by bots by using CAPTCHA services to ensure only valid humans are logging into the bank or other portal.

‍

• CAPTCHA Bypass: Clicking on the crosswalk, bicycles and buses is a maddening experience for users, but the widespread use of CAPTCHAs has helped train machine vision models with billions of labelled data results into highly effective machine vision models. These can now be used to solve the CAPTCHA images. Often the same images are used, and the hackers can easily find the high res versions of the hazy or incomplete images used to prove the solver is human. If the CAPTCHA isn't easily solvable, hackers can also use the audio versions that are often presented as alternates for accessibility reasons.
• Challenge Bypass: In order to prevent the hackers the industry responds to the threat my making the CAPTCHA puzzles even harder. Not only does this frustrate the users, but it also increases the false positive rates massively. Human CAPTCHA farms are used extensively to defeat these puzzles, as well as increasingly sophisticated Machine Vision AI techniques.

‍

How we use Agentic AI

‍

As we've seen from the examples above, the new AI techniques can bypass traditional defences, creating an opportunity to exploit a vulnerability. VerifiedThreat deploys smart agents that can learn from the context, and combine with each other to understand the new breach possibilities. Traditional cybersecurity defence often relies on the first layer of defences that can be easily breached. For example, a site may be protected with both geo-location IP blocking and CAPTCHA services to prevent unwanted automated bot traffic from hitting the site. As a result of implementing these defences the bot traffic will dramatically decrease. Looks like problem solved. However, as we've seen above, its relatively trivial to bypass both the IP geo blocking with local proxies, hiding in the local mobile ASN range, and bypassing CAPTCHA. This attack type won't be picked up, the site is assumed to be same. Combing multiple agents to systematically search for vulnerabilities can greatly help to stop these multi-chain attacks.

‍

‍