Cape Town - The global rise of artificial intelligence (AI) and machine learning (ML) has been a double-edged sword in the world of cybersecurity, especially when it comes to malware, one of the most common forms of cyberattacks.
“Malware is software that is specifically designed to disrupt, damage or gain unauthorised access to a computer,” said Jackie Smith, head of Buyers Trust, a cybersecure bank-hosted deposit solution for homebuyers.
“Once a hacker gains access to a system, they can access sensitive personal and financial information, giving them the ability to intercept electronic communications and, in a worst-case scenario, divert and drain funds from the victim’s bank accounts.”
Smith has closely monitored the increasing number of cyberattacks in South Africa, particularly in the property industry, where large sums of money are transferred daily.
“The growing trend of first-time homebuyers putting down larger deposits could increase the frequency of these malware attacks.”
She said malware infection typically occurs when an unsuspecting user clicks on a malicious link or downloads a program.
“These links or programs are typically disguised as something else, for example: ‘Click here to claim your prize,’ and once installed on a user’s device, contain harmful viruses or spyware that gives a hacker varying levels of access.”
The Independent IT-Security Institute AV-Test reports that 30 million new malware samples were detected in 2023, resulting in hundreds of millions in financial losses around the globe.
Recent advancements in AI and ML have played both a positive and negative role in curbing malware attacks.
Promisingly, AI-powered anomaly detection systems are increasingly being used to identify patterns of behaviour that indicate a cyberattack, even when those patterns are not easily recognisable by humans.
However, AI-powered malware can also use machine learning to evade traditional safeguards like anti-virus and anti-malware programs.
Of particular concern to Smith is the use of machine learning to generate realistic-looking phishing emails that are more likely to trick unsuspecting users into clicking on malicious links.
“If a criminal is able to gain access to the email account of any of the parties involved in the homebuying process, they can then use malware software to impersonate a legitimate party and create fraudulent links or bank details that could divert a buyer’s substantial deposit into their own account,” Smith said.
“On the Buyers Trust platform, which operates as a transparent and safe third-party alternative platform where buyers can entrust their deposit, we have taken a number of additional measures to ensure security in light of these AI- and ML-enabled malware advancements. Chief among them are multi-factor authentication (MFA) and encrypted communications.”
Smith believes that MFA is a powerful tool in combating the danger of AI and ML advancements helping malware communications to appear more convincing and “human”.
“MFA goes beyond asking a user to verify their username and password. It requires two or more factors to verify a user's identity and grant them access to an account.
“This can include face ID or fingerprint scanning – biometric security measures that are all but impossible for the majority of cybercriminals to impersonate.”
Smith recommends that homebuyers avoid sharing banking details or other sensitive financial information over email and instead communicate via a secure encrypted platform or a verified WhatsApp Business Account which uses the Signal encryption protocol.
“As a general rule of thumb, if you are entrusting your hard-earned deposit to another individual rather than a secure platform, ensure that you speak to them over the phone or in person to verify the legitimacy of their banking details and to ask what security measures they have in place.”
“If you suspect malware on your device, immediately disconnect it from the internet and consult a trusted cybersecurity professional for instructions on removing the malicious software,” Smith concludes.