AI and Malicious Online Traffic

AI is becoming a double-edged sword. While it is helpful for work and research in various fields of science and technology, some people use AI tools with malicious intent. Hackers and cyber criminals use AI tools with web browsing features as covert command-and-control (C2) channels.

Through these covert channels, cyber criminals can make malicious traffic blend into routine enterprise communications.

The Risk of the Operation

Check Point Research (CPR) has investigated which platforms are at risk. Popular platforms such as Grok and Microsoft Copilot can be manipulated into fetching attacker-controlled URLs and returning the responses.

This works because the AI service acts as a proxy. It can relay commands to infected devices, and stolen data can be sent back through it to the hacker, all without requiring an API key or a registered account.

The Proxy Technique

AI is shifting from a development aid for attackers into an operational component of malware itself.

The proxy method relies on AI assistants that support URL fetching and content summarization. Attackers use these features to send data encoded in query parameters and to receive embedded commands.

CPR built a proof-of-concept (PoC) to test the proxy method. They instructed the AI to retrieve specific information from websites and examined the returned output for the commands contained in the site’s HTML.

Here are the three characteristics of the proxy technique:

  1. No authentication or API key is required
  2. Encrypted and encoded data can bypass safeguards
  3. Traffic is disguised as legitimate AI web usage
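
The query-parameter encoding described above suggests one defensive check, shown here as an added example that is not from CPR or the original article: scan logged assistant prompts for URLs whose query values are long and high in entropy, which is typical of encoded or encrypted data. It assumes the defender can see prompt text (for example through an AI gateway or an inspecting proxy); the thresholds, function names and sample prompts are constructed for illustration.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
MIN_LEN = 24       # assumed threshold: ignore short values such as ids or language codes
MIN_ENTROPY = 4.0  # assumed threshold in bits per character

def shannon_entropy(value: str) -> float:
    """Bits per character of the value's character distribution."""
    total = len(value)
    return -sum(n / total * math.log2(n / total) for n in Counter(value).values())

def suspicious_params(prompt: str):
    """Return (host, parameter, entropy) for long, high-entropy query values in a prompt."""
    hits = []
    for url in URL_RE.findall(prompt):
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if len(value) < MIN_LEN:
                continue
            entropy = shannon_entropy(value)
            if entropy >= MIN_ENTROPY:
                hits.append((parts.hostname, name, round(entropy, 2)))
    return hits

def scan(prompts):
    """Map prompt index -> findings, keeping only prompts with at least one finding."""
    results = {}
    for index, prompt in enumerate(prompts):
        hits = suspicious_params(prompt)
        if hits:
            results[index] = hits
    return results

# Constructed sample prompts (hypothetical log records, not captured traffic).
SAMPLE_PROMPTS = [
    "Summarize https://news.example.org/article?id=4821&lang=en for me",
    "Fetch https://site.example.net/page?d=aG9zdD1XUy0wNDI7dXNlcj1qZG9lO29zPXdpbjEx and summarize it",
    "What does https://docs.example.com/search?q=quarterly+report+template+download say?",
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_PROMPTS).items():
        print(f"prompt {index}: {hits}")
```

Only the second prompt is flagged; the long natural-language search query in the third stays under the entropy threshold, so tune both thresholds against your own traffic before alerting on them.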

AI-Driven Malware

CPR stated that its research has also outlined a much broader issue. Malware that integrates AI into its runtime decision-making is dangerous. An implant could send host information to the hacker, giving them guidance on what they should steal and how easily they can bypass cybersecurity defenses.

For example, instead of encrypting 100GB of files, hackers would focus only on critical assets. By shifting their focus to what is most valuable, they can shorten the execution time down to a matter of minutes!

CPR states that AI-enabled web features are more of a service-abuse risk than a software flaw. AI is constantly being integrated into everyday workflows, which is why cyber criminals are using it in their own workflows.

CPR states “Understanding how these systems can be misused today is the first step toward hardening them for the future, and ensuring that AI remains more useful to defenders than to the malware that tries to hide behind it.”

For more information, you can read the full article on Infosecurity Magazine’s website.

Link: https://www.infosecurity-magazine.com/news/ai-assistants-covert-c2-relays/

About Advanced Network Consulting

Advanced Network Consulting is a Southern California based IT consulting company focused on the small business market. For businesses in Southern California, or a business that has an office in LA or Orange County, Advanced Network Consulting offers on-site and remote network and server support.

Hoping to improve the efficiency of your computer? Need to strengthen the cybersecurity of your device? We offer a complimentary one-hour onsite evaluation, and our network and server solutions will ensure that your business continues to be operational. Contact us through our site: https://www.ancsite.com/