"AI is also a tool for cybercrime; prevention is the smartest thing to do"

"Although there is a perception that AI is a recent technology, both cybercrime groups and state-sponsored groups have been using it for years. An example of this is the Russian troll factories, which have been using AI in disinformation campaigns for years". Critical sectors such as healthcare, and therefore pharmaceuticals, "are in the focus of highly skilled adversarial groups that are employing AI-based systems to impact organisations. Generative AI is one of its branches used to create important solutions such as ChatGPT. But are we aware that there are more malignant variants? This was one of the questions posed at the conference 'The dark side of AI' organised today by the Pharma Unit of Izertis , directed by Javier Rodríguez Barreiro, and aimed at the pharmaceutical industry, with the participation of the president of Farmaindustria, Jesús Ponce. 

In his speech, Jesús Ponce highlighted the value of the meeting "to show us the cybersecurity perspective that coincides with our ethical spirit and integrity in the use of AI in order to be proactive in our activity and, at the same time, protect us from activity that conditions these ethics". The president of Farmaindustria spoke of the emergence of disruptive technologies as a "paradigm shift for us as an industry" while at the same time it stands as a "fantastic opportunity for all of us to become aware". This awareness is supported by reports, such as one by Deloitte, which points out that "the pharmaceutical sector is the one with the greatest integration of AI in its value chain", or another by Price Waterhouse Cooper, which states that "89% of companies in general have increased their IT department budgets in the last 12 months". Finally, he referred to the recent European Cybersecurity report which highlights that "between 8 and 10% of all cybersecurity attacks occur in the health sector". "We have AI which is a reality, but there is a real and tangible risk," he concluded.

Conference

Juan Luis García Rambla, Lead of Cybersecurity Business Development at Izertis,was the person in charge of going deeper into how cybercrime groups really work, taking as a reference one of those focused on the health sector, ALPHV. He explained how these groups are structured in a similar way to a company "with departments, functions and a very structured operation, including specialists in recruitment or negotiation, for example, which a priori would have nothing to do with the operation of cybercrime". Also from "state-funded groups that aim to steal patents or stockpile information". 

García Rambla spoke of the search for monetisation of attacks, with extortion involving reputational damage or loss of influence of companies or institutions. "Taking the same generative AI foundations, these other versions, devoid of 'morality', are at the service of cybercrime and are able, among other things, to orchestrate phishing campaigns or create malicious code. Recent research has even determined that worm-like virus variants can be created that can be replicated and distributed through the interconnectedness of the GenIA ecosystem,' he said.
 

He outlined the ease with which profiles can be created, "given a layer of credibility and automated profile management" and exemplified his talk with a connection to an AI requesting the creation of a credible email to carry out a so-called 'CEO attack'.
"Our specialised teams, whether to design the AI service, to implement it or to evolve it, work closely with the cyber security teams to ensure security throughout its lifecycle. We are actively working on threat awareness, to minimise risks and impacts, even from the point of view of adversaries who are also riding this great wave.

Juan Luis García Rambla concluded that "AI is also a tool for cybercrime. Its use is a matter of morality", so "prevention is the smartest thing to do".