KartavyaDesk
news

Artificial Intelligence and its Impact on Cybersecurity

Kartavya Desk Staff

#### Gs Paper 3

Syllabus: Internal Security: Cybersecurity

Source: TH

Context: In the era of AI, cybersecurity is paramount to protect against rising threats posed by generative AI misuse, necessitating collaborative solutions for safe digital navigation.

What is Cybersecurity?

Cybersecurity encompasses strategies and measures aimed at protecting computer systems, networks, and data from unauthorized access, cyberattacks, and data breaches. It involves safeguarding against threats such as hacking, malware, phishing, and other malicious activities that can compromise digital information and systems.

Evolving nature and increasing sophistication of cyber threats.

New targets: While there has been a decreased trend of attacks on end users attacks on enterprises and SMEs are increasing.

New forms of technology: New types of malware, such as automated phishing tools and crypto mining software combined with emerging technologies, are expanding the cyber risk landscape. A host of digital technologies, such as AI, automated botnets, the Internet of Things (IoT), and cloud computing facilitate sophisticated attacks.

• A host of digital technologies, such as AI, automated botnets, the Internet of Things (IoT), and cloud computing facilitate sophisticated attacks.

Potential Unwanted Programs (PUP) and Potentially Unwanted Applications (PUA), masquerading as legitimate apps, are increasingly used to victimize users.

Using Cryptocurrency: g., In Dec 2021, botnet Phorpiex hijacked hundreds of cryptocurrency transactions in India, Ethiopia and Nigeria. The bot has attacked 969 transactions and has stolen crypto assets worth almost $0.5 million.

• The botnet used a new attack method called crypto-clipping that steals cryptocurrency including bitcoin, Ethereum and dogecoin during a transaction, by substituting the original wallet address saved in the clipboard with the attacker’s wallet address.

• Since many enterprises are shifting their infrastructure to cloud-based platforms, i.e., to data centres, the attackers would target those platforms at an increasing rate.

• For instance – There have already been several reports of attacks or attempted attacks on Microsoft’s Office 365 platform.

• Supply chain attacks, such as those used in the NotPetya malware campaign, can be penetrative and lethal.

AI is impacting cybersecurity in several ways:

Increased Phishing Attacks: Phishing emails surged by 1,265%, and credential theft rose by 967% since late 2022 due to AI.

Voice Cloning for Fraud: Hackers imitated a mother’s daughter’s voice to extort money, highlighting the risks of AI-based scams.

Enhanced Hacking Sophistication: AI helps hackers translate code, identify vulnerabilities, and amplify attacks.

Rising Attacks on Organizations: 75% of professionals reported more cyberattacks last year, while 85% linked the trend to AI.

Privacy Erosion: Voice-activated toys and biometric systems threaten individual privacy.

Cybercrime: According to data from CERT-IN, cyber crimes in India have witnessed a 572% increase In the last 3 Years

Reasons for increasing cyber threats in India from AI:

Fragmented cybersecurity infrastructure: Responsibility for cybersecurity in India is spread across various government agencies and private entities, leading to a lack of coordinated strategies.

Apathy towards data privacy: Despite the Digital Personal Data Protection Act 2023, implementation of secure cyber systems by private and government entities is lacking, as seen in the recent PayTM payments bank ban.

Large digital divide: Many lack digital literacy, making them vulnerable to phishing attacks and scams.

Skill shortage: India lacks qualified cybersecurity professionals, hindering effective threat detection and response.

Countermeasures taken by India against cyber threats.

For Critical information infrastructure (CII)- Creation of the National Critical Information Infrastructure Protection Centre, the national nodal agency in respect of CII protection. It was envisaged to act as a 24×7 centre to battle cyber security threats in strategic areas such as air control, nuclear and space.

• Establishment of Defence Information Assurance and Research Agency for cyber security issues of the tri-services and Defence Ministry.

For the Financial sector – CERT-Fin will work closely with all financial-sector regulators and stakeholders on issues of cyber security.

Establishment of cyber security infrastructure

CERT-in The main function of CERT-In is to provide early security warning and effective incident response. It is also a national agency to collects, analyzes and disseminates information on cyber incidents and takes emergency measures for handling cyber-attacks.

IT Act 2000 This act provides a legal framework against cybercrimes related to “electronic commerce”.

National Cyber Security Policy 2013 has been framed to create a secure cyber ecosystem, ensure compliance with global security systems and strengthen the regulatory framework.

Others

I4C (Indian Cyber Crime Coordination Center) was set up in 2016 to look into every kind of cybercrime.

The Indian Common Criteria Certification Scheme (IC3S)is to evaluate and certify IT Security Products and Protection Profiles.

Cyber Swachhta Kendra was introduced for internet users to clean their computers and devices by wiping out viruses and malware.

Cyber Surakshit Bharat Initiative was launched to spread awareness about cybercrime and build capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.

Global Effort: Bletchley Declaration:

The Bletchley Declaration, named after the historic code-breaking site, signifies a global commitment to addressing AI’s ethical and security challenges, particularly generative AI. Signed at the AI Safety Summit (in 2023), it highlights the increasing global recognition of AI risks and involves major world powers like China, the EU, India, and the US.

Measures need to be taken:

By individuals

Apply critical security patches, especially on public-facing servers, and keep end-point security software up-to-date.

Ignore emails from unknown sources, thus avoiding becoming a victim of phishing and spear phishing attacks.

Use complex passwords (not to mention, change passwords regularly).

By government

• Strengthen cybersecurity agencies and partnerships.

• Invest in AI-driven cybersecurity solutions.

• Promote digital literacy and awareness.

• Establish robust cybersecurity laws.

• Develop cybersecurity skills through training.

Conclusion

Even though the government has taken various measures to curb cyber-attacks, recent cyber threat incidents like the Pegasus cyber-attack, attack on India’s COWIN app etc show loopholes in India’s cyber security framework. Research and development, Funding and capacity building in cyber security are the need of the hour for GOI.

Various types of Cybeerserucity threats:

Category | Description

Cybercrime | Mainly targeted against individuals, firms, etc. Involves the use of computers or networks in the execution of a crime or as the target.

E.g., a Malware attack on the City Union Bank’s SWIFT system in March 2020 led to unauthorised transactions worth USD 2 million.

Cyber warfare | Consists of attacks on the computer systems of a country or its institutions to disrupt, damage, or destroy infrastructure.

For the Cyberattack on the Kudankulam Nuclear Power Plant.

Cyber spying | Involves obtaining secrets and information without permission or knowledge from individuals, groups, or governments for personal, economic, political, or military advantage using methods on the Internet, networks, or individual computers via proxy servers.

For ex- Operation Side Copy, a cyber espionage campaign targeted Indian military and diplomatic personnel with malware and phishing emails.

Cyber terrorism | Defined as premeditated, politically motivated attacks against information systems, programs, and data that threaten or result in violence.

Illegal data mining | Involves unauthorized extraction of valuable data for economic gain from the vast amounts of data generated by growing online transactions.

Insta Links:

Cybersecurity Challenges in India

Mains Link:

Keeping in view India’s internal security, analyse the impact of cross-border cyber-attacks. Also, discuss defensive measures against these sophisticated attacks. (UPSC 2021)

Prelims Link:

With the present state of development, Artificial Intelligence can effectively do which of the following? (UPSC 2020)

• Bring down electricity consumption in industrial units

• Create meaningful short stories and songs

• Disease diagnosis

• Text-to-Speech Conversion

• Wireless transmission of electrical energy

Select the correct answer using the code given below:

(a) 1, 2, 3 and 5 only (b) 1, 3 and 4 only (c) 2, 4 and 5 only (d) 1, 2, 3, 4 and 5

Ans: B

AI-assisted content, editorially reviewed by Kartavya Desk Staff.

About Kartavya Desk Staff

Articles in our archive published before our editorial team was expanded. Legacy content is periodically reviewed and updated by our current editors.

All News