AI malware, Gemini lures and more: Google reveals how hackers are actually using AI (www.techradar.com)

Google's Threat Intelligence Group (GTIG) has revealed alarming insights into how cybercriminals leverage artificial intelligence (AI) for malicious activities. They found that threat actors are using 'distillation attacks' to clone advanced AI models, such as large language models (LLMs), which enables them to create custom tools for phishing and malware development without incurring costs associated with legitimate services. These cloned models can optimize phishing campaigns, as seen with state-sponsored groups from Iran and North Korea, which utilize AI to gather intelligence and execute sophisticated social engineering tactics. The implications for the AI/ML community are significant, as these developments showcase the potential for AI to be weaponized in cyberattacks, sparking a need for enhanced cybersecurity measures. Traditional detection methods are increasingly inadequate, prompting the deployment of real-time AI tools to recognize the behaviors of AI-enhanced malware. Google, in response, is actively monitoring and patching vulnerabilities in its Gemini platform to counteract malicious usage. This evolving landscape underscores the dual-edged nature of AI technology—while it can streamline tasks and enhance capabilities, it also poses unprecedented risks when wielded for harmful purposes.