SINGAPORE – Cyber criminals are actively trying to corrupt generative artificial intelligence (AI), which may then put the ability to create ransomware in the hands of individuals.

The looming threat is what keeps Mr Willis Lim, the director of the National Cyber Threat Analysis Centre at the Cyber Security Agency of Singapore (CSA), up at night.

Generative AI platforms like ChatGPT were created to be a productivity tool.

But it seems such tools are also boosting the productivity of cyber criminals, said Mr Lim in an interview with The Straits Times on Tuesday.

“On underground forums and the dark web, there are these thriving channels where cyber criminals actively talk about jailbreaking AI tools like ChatGPT to unlock their full malicious potential,” he said.

“If they succeed, they can use AI to turbocharge ransomware. It is a totally new level of threat if you put the capability to create ransomware using AI in the hands of each and every person. It’s the biggest concern of every cyber-security agency around the world.”

Ransomware, which is a malicious software designed to block access to a computer system until a sum of money is paid, is already a problem.

According to CSA’s Singapore Cyber Landscape 2022 report, cyber-security vendors reported a 13 per cent increase in ransomware incidents worldwide in 2022.

Mr Lim said more than 130 cases were reported here in 2022, and that not every victim will report an attack.

“To put it into perspective, that is like one ransomware case every three days or so,” he said.

“And the 130 may very well be the tip of the iceberg. Some surveys show that only a fifth of victims either report or reach out to law enforcement for help.”

Other cyber-security experts who spoke to ST previously warned that ransomware may very well be the biggest criminal threat in 2023.

Mr Philip Reiner, the chief executive of cyber-security think-tank Institute for Security and Technology, said he expects a record-breaking number of ransomware attacks in 2023.

Mr Derek Manky, chief security strategist and vice-president of global threat intelligence at cyber-security company Fortinet, said the ransomware scene is flourishing because of how profitable it has been.

Earlier in May, one of the biggest ransomware attacks saw hundreds of corporations being extorted.

The Clop ransomware gang infiltrated the systems of the popular MOVEit file transfer system, looting the data of financial institutions and tech companies, among other organisations.

Cyber-security experts estimate that the total damage to be around US$11 billion (S$15 billion) to date, with more than 2,500 organisations and 64 million people affected.

The gang is believed to have begun planning the attack almost two years before, taking the time to find the vulnerabilities in the systems before they finally executed the heist in one go.

Mr Lim said the attack and several others this year are worrisome as they show a trend of cyber criminals becoming both more technically sophisticated and tactically astute.

He explained that in the past, only state actors were able to develop such tech capabilities to pull off such a large-scale heist.

But now, cyber criminals are functioning as organised enterprises, which not only have that technical capability, but also the ability to incorporate significant social engineering in their attacks and to wait it out.

To combat the growing threat of ransomware, the Counter Ransomware Task Force (CRTF) was set up in late 2022 to bring together agencies across Singapore to enhance counter-ransomware efforts.

In its November 2022 report, the CRTF recommended providing resources to victims to help them recover from ransomware attacks.

In response to the recommendations, the police, in collaboration with CSA, developed a one-stop ransomware portal that allows victims to easily report such cases and look for recovery support resources like decryption tools.

The portal was soft-launched on Sept 6, and announced at the Singapore International Cyber Week 2023, being held from Oct 16 to Oct 19 at the Sands Expo and Convention Centre.

Such initiatives help consumers and businesses recover from an attack, said Mr Lim.

But the bigger worry for him is cyber criminals using AI to develop their tools and operations.

He said: “The concerns about AI-enhanced cyber attacks are not beyond the realms of imagination. We have already seen proof of concept, of researchers using generative AI chatbots to create basic encryptors.”

He explained that if generative AI were allowed and used to create ransomware and other hacking programs, then the world would be forced to face a new level of threat, with every person having access to such an ability without the need for any technical expertise.

“The tech firms that deal in generative AI are keenly aware of its destructive nature, and the governments around the world are also keenly pursuing conversations with these companies,” said Mr Lim.

“I think everyone knows we need extremely strong guardrails and safety features so that AI is never turned into a force for malicious activity.”

He added that the silver lining is that the cyber defenders are also using AI to fight back.

He said: “For example, some students use AI to cheat in their tests and assignments, but there are also AI tools that have been developed to detect AI-generated papers. In the same way, we use AI to scale up our monitoring, compile incident reports and so on.

“If the bad persons use AI, then we, too, must use AI.”