Britons must “strengthen their defences” against the growing threat posed by ransomware developed or enhanced using artificial intelligence (AI), the head of the UK’s cyber security agency has warned.
It comes as a new report from the National Cyber Security Centre (NCSC) has found that AI is lowering the barrier of entry to novice cyber criminals.
The NCSC – which is a part of GCHQ – has also warned that bad actors are using AI to better find and target victims and that the technology will almost certainly increase the volume and impact of cyber attacks in the near term.
The agency has previously identified ransomware as the biggest cyber threat facing the UK.
NCSC chief executive Lindy Cameron said: “We must ensure that we both harness AI technology for its vast potential and manage its risks – including its implications on the cyber threat.
“The emergent use of AI in cyber attacks is evolutionary not revolutionary, meaning that it enhances existing threats like ransomware but does not transform the risk landscape in the near term.
“As the NCSC does all it can to ensure AI systems are secure by design, we urge organisations and individuals to follow our ransomware and cyber security hygiene advice to strengthen their defences and boost their resilience to cyber attacks.”
Ransomware involves hackers gaining access to a user’s system and then either stealing or locking access to files using encryption, demanding a ransom to return the data.
One of the largest incidents seen so far was the 2017 WannaCry attack, which affected computers worldwide, including car firms such as Nissan, Honda, and dozens of NHS trusts across England.
The attack, believed to have originated from North Korea, severely disrupted services and left thousands of appointments cancelled, while an October 2018 report found the hack and the fall-out from it had cost the NHS as much as £100m.
The British Library also experienced a major ransomware attack in October last year, in which hackers stole personal data.
The NCSC said analysis from the National Crime Agency (NCA) suggested that cyber criminals had already started to develop criminal versions of generative AI models, making better hacking tools available to anyone willing to pay.
The warning comes after the government, in partnership with the NCSC and other industry figures, published new guidance for business leaders on boosting their cyber security protections.
They asked them to treat the issue in the same way they would any other vital business or financial issue.
James Babbage, director-general for threats at the NCA, said: “Ransomware continues to be a national security threat.
“As this report shows, the threat is likely to increase in the coming years due to advancements in AI and the exploitation of this technology by cyber criminals.
“AI services lower barriers to entry, increasing the number of cyber criminals, and will boost their capability by improving the scale, speed and effectiveness of existing attack methods.
“Fraud and child sexual abuse are also particularly likely to be affected.
“The NCA will continue to protect the public and reduce the serious crime threat to the UK, including by targeting criminal use of generative AI and ensuring we adopt the technology ourselves where safe and effective.”