Kathy Gibson reports – Researchers have uncovered new malware threats that use artificial intelligence (AI) to bypass existing malware detection.

This is the word from Eli Smadja, worldwide research group manager at Check Point, who says the new AI evasion malware was discovered as recently as last week.

The new malware doesn’t yet work with all large language models (LLMs), Smadja adds, as some of the mainstream players are able to recognise the attack.

However, researchers have been able to demonstrate that it’s possible for the technology to bypass all LLM protections.

“This means we have now found the beginning of a new trend.”

The novel strain attempted to manipulate GenAI-based detection methods using prompt injection, where attackers feed misleading commands into security systems so that they classify malicious content as safe.

This new wave of threats won’t be easy to fight, Smadja points out. “We are not yet in a position to fight AI with AI. Threat actors are training themselves to exploit the very AI systems designed to stop them.”

Smadja also unveiled research into African cyberthreats.

Organisations in Africa face 3 335 cyberattacks per week on average, which is 72% higher than the global average of 1 938 attacks per organisation.

The most targeted country in Africa is Ethiopia. Smadja believes this is a result of the country digitalising quickly, with cybersecurity not keeping up with the pace.

The top malware found on the continent is FakeUpdates.

In most of Africa, 80% of malicious files are delivered via email, while in South Africa, 62% of them are delivered via the web. Smadja says this indicates that the cybersecurity posture in South Africa is better than in the rest of the continent, with most companies and government organisations better protecting their email.

Government and military institutions remain the most affected sector, placing national infrastructure at a heightened risk from both cybercriminal and state-linked actors.

Smadja explains that, globally, the most common types of attack are cyber wars, ransomware, infostealers, edge device vulnerabilities and cloud.

Cyber wars, while not a new threat, are now using AI to create influence by generating deepfakes and fake news.

A new trend is seeing ransomware and infostealers tied together: threat actors are first stealing data, then demanding a ransom to stop them releasing the information. “Unfortunately, it is working,” Smadja adds.

As organisations become better at securing their IT systems, attacks on edge devices like gateways, routers and cameras are becoming more common, Smadja says.

Cloud attacks are also becoming more widespread, as more companies move to the cloud but fail to configure their systems correctly, he adds.

Smadja warns that zero-day and one-day attacks are also increasing as cybercriminals use AI more extensively to quickly exploit vulnerabilities.

Derek Middlemiss, regional director: sales engineering for emerging markets EMEA at Check Point, comments: “With digital adoption accelerating across Africa, we must ensure cybersecurity is both adaptive and accessible. Our role is to guide organisations on the journey from reactive defenses to proactive prevention, supported by AI, unified visibility and local expertise.”