DNSC warning: Cyber attacks executed entirely with Ia, inevitable in 2-3 years. Why Romania has “a gigantic attack surface”
Artificial intelligence and Machine Learning (photo biancoblue, dreamstime.com)
“I have not yet seen a cyber attack prepared and executed from one end to the other with the help of artificial intelligence (Ia), but probably in 2 or 3 years, my estimate, we will get there,” said Dan Cîmpean, director of the National Cyber Security Directorate (DNSC). He warned that at the national level “we have somewhere at 12-13 million Romanians who use the Internet daily, which” means a gigantic attack surface “.
Artificial intelligence, increasingly used in attacks
Artificial intelligence (Ia) begins to be used more and more often offensive by attackers, but also defensively, said the DNSC official at the Digital Romania Forum, an event organized by Financial Intelligence.
“For now, artificial intelligence is used in two ways: once for attackers, to accelerate and prepare its attacks and decreases the technical knowledge barrier they need-because you can ask a engine to write a script through which to perform a denial-service attack (DOS), without being a program. Much, “said Dan Cîmpean.
A denial-off-service (DOS) attack prevents users' access to an online service, website or network. The attackers overload the target system through a large volume of traffic, requests or unnecessary requests, making it unable to function correctly.
A gigantic attack surface: 12 million users to be educated
The DNSC director emphasized that in Romania “we have now 12-13 million users daily”.
“It is a gigantic meal, people who have devices, install, uninstall, do activities in the virtual space and have to educate. I say very open and directly, in many cases with the simplest and basic knowledge: use passwords, not every link is benign, many are malicious. National 12 million users means a gigantic attack area, ”he said.
“I give you a very simple example that we are facing now”
The DNSC director claims that about 80% of observed and reported attacks are aimed at fraud and deceptions and very few are more serious in which massive data extractions are made.
“The initial attack vector called Phishing and who uses various channels: email, text messenger on various platforms, certain web pages, that initial attack vector leads to social engineering techniques, interaction with the standard user, after which we observe the bifurcurci. The types.
What can be done? The user awareness, says the DNSC director. Internet users in Romania should be made to understand that there are simple techniques of manipulation, social engineering, in which attackers do not need technical skills, they just have to convince the victims to give their passwords, the username or to do certain activities.
“I give you a very simple example that we face now. On many social media platforms there are videos that invite the user to install some applications. This is the so-called click fixed attack, so we call it, by which the user is told: go there download the application, click. video.
So there are a lot of scams, social engineering is better used and unfortunately the AI does not help us because the messages become more and more current, better written and more and more in Romanian, ”said Dan Cîmpean.
The solution from the point of view is to start a “marathon” of awareness campaigns both at the public and private levels through which users are educated about the risks in the online environment.
