A recent study conducted by Menlo Security has highlighted a concerning trend of malware infiltrating online platforms and social media through the use of AI-generated fake advertisements. Unfortunately, the IT expert prediction about AI being used in future cyber attacks has come true. The research, carried out by CensusWide and based on responses from 1,000 UK consumers between May and June 2023, indicates that these insidious "malvertising" attacks pose a greater challenge for identification due to their AI origin.
The study discovered that a significant majority of respondents, amounting to 70%, were unaware that clicking on a brand logo could lead to malware infections. Additionally, 40% of participants remained oblivious to the risks associated with clicking on social media advertisements and the importance of a VPN service. Menlo Security has cautioned that, on average, one out of every 100 online ads is malicious, and as AI tools and software become increasingly accessible and user-friendly, this figure could rise even further.
Alarmingly, almost one-third of the respondents (31%) expressed a lack of confidence in their ability to recognise and avoid malvertising threats. This figure is particularly significant among women, where it reaches 40%, and individuals aged 55 and above, with 41% displaying a similar lack of confidence.
Tom McVey, the AI security spokesperson at Menlo Security, emphasised the dangers of malicious AI, stating: "AI used maliciously can not only generate convincing text, but it can also generate images which can be made to appear like popular brands or logos". McVey further warned that users are only a few clicks away from encountering malware online. With the proliferation of malware-as-a-service and readily accessible AI-generated content, even individuals with minimal skills can create deceptive advertisements, leading to an anticipated surge in malvertising.
Menlo Security's analysis also revealed varying levels of consumer trust towards different platforms. Facebook and Instagram were deemed more trustworthy, with one in five individuals expressing confidence in their ability to avoid malvertising on these sites. However, Twitter received a lower level of trust, with only 14% of respondents believing it to be free from malvertising.
McVey concluded by highlighting the misconception that even reputable websites are immune to malvertising, stating: "Some people may be shocked to learn that even the most credible websites are not immune to malvertising". The study's findings underscore the urgent need for heightened awareness, improved user education and the importance of hide VPN, and proactive measures to combat the growing threat of malware disseminated through AI-generated fake advertisements.