Singapore’s Cyber Defenses Against ChatGPT-Enabled Hackers

Singapore created a new branch of the military for the first time in 50 years to defend against AI-enhanced cyber attacks

Deborah Yao, Editor, AI Business

June 1, 2023

4 Min Read
AIB

Singapore is mobilizing against AI-enhanced digital threats that come from cyber criminals harnessing ChatGPT and other generative AI capabilities.

Brigadier General Edward Chen said while ChatGPT and generative AI has brought AI to the “iPhone moment” of widespread recognition, it also opened the door to exponentially greater cybersecurity threats. He spoke at the recent AI and Defense summit held by Sparkcognition, an AI solutions provider to the private and public sectors.

Chen cited three main impacts of generative AI in cybersecurity: increased human vulnerability, weakened cyber infrastructure, and an expanded digital terrain.

People have always been the weakest link in cybersecurity and ChatGPT has further intensified this vulnerability, he said. It has enabled cyber criminals to craft more sophisticated phishing emails to trick consumers into clicking on them to download malware.

“ChatGPT cyber criminals can generate well-written, believable emails and tailored to specific organizational contexts,” Chen said. “The days of identifying phishing emails through spelling errors and poor grammar have long gone.”

Moreover, criminals can feed ChatGPT harvested user data so they can impersonate people with “amazing accuracy,” Chen said.

Audio and video are also vulnerable to manipulation. Chen said AI was used to clone a CEO’s voice and tricked a banker into sending $35 million for a fake acquisition. “AI tools can now generate realistic, cloned voices that can be used for nefarious purposes,” Chen said.

What is more troubling is when criminals use text, video and audio together to create misinformation campaigns to create fake news. He said this makes it difficult to discern truth online especially in light of a psychological phenomenon in which the more one sees a message, the more one believes it regardless of whether it is true or not.

Another area of concern is weakened cyber infrastructure. Chen said traditional cyber infrastructure defenses will become obsolete since these use common network sensors and malware scanners to spot malicious activity.

ChatGPT lets hackers quickly create unique malware variants that do not match any known ones so they can evade detection, Chen said. Also, “ChatGPT has lowered the technical bar and significantly reduced the time taken for attackers to develop such advanced malware."

A third outcome is an expanded digital terrain. The attack surface expands exponentially with the broad adoption of ChatGPT, Chen said. As more generative AI apps are developed, the larger the terrain open to attacks.

Moreover, the AI models themselves can be attacked. Because of their complexity, AI models are black boxes where it is not exactly known how they work. Researchers have shown that it is possible to hide malware within deep learning models undetected, Chen said. Also, AI models have access to high computing power that can amplify these attacks. So think twice before downloading an open source AI model unless the source is trusted, Chen advised.

Singapore's Singular Response

To prepare, Singapore has created a new branch of the military – the first time it has done so in half a century.

Called the Digital and Intelligence Service (DIS), the unit was established by the Singapore Armed Forces to “tackle these nebulous and emerging threats against Singapore and Singaporeans in the digital domain,” said Chen.

DIS has three key initiatives: Train and equip personnel, harness AI to fight AI-enabled hacking and safeguard new digital terrain.

It educates, trains and sensitizes its staff to new threats by doing such things as using generative AI to craft user-targeted emails and seeing which employees fall for them in internal phishing exercises. Those who fall victim will have a one-to-one counseling session with their supervisor.

Second, it works with the iTrust Centre for Research in Cyber Security in Singapore to develop defenses against cyber-physical attacks on operational technology systems – basically using malware to disrupt physical equipment – to avoid what happened in the Colonial Pipeline breach.

Colonial Pipeline was hit with a ransomware attack in 2021 and the company had to halt all oil pipeline operations to prevent the malware from spreading. It paid a ransom of $4.4 million to restore access.

Chen said the iTrust center has developed a cyber intrusion detection technology to secure infrastructure such as water utilities and this will be expanded to power plants, 5G networks and other areas as well.

Third, with an expansion of cyber terrain to protect, DIS will train personnel on the latest generative AI models so they can defend against them. They will participate in cyber exercises.

This article first appeared on IoT World Today's sister site, AI Business.

Read more about:

Asia

About the Author

Deborah Yao

Editor, AI Business

Deborah Yao is an award-winning journalist who has worked at The Associated Press, Amazon and the Wharton School. A graduate of Stanford University, she is a business and tech news veteran with particular expertise in finance. She loves writing stories at the intersection of AI and business.



Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like