Chatbot Attacks
For CISOs, the growing adoption of chatbots brings challenges that have to be addressed. Chatbots offer companies large potential gains in efficiency, improved customer engagement, and faster customer service. But as with every new technology, they also open up new threat surfaces. Many chatbot attacks have been observed this year, so it is reasonable to expect the number of threats to keep growing. What can companies learn from the chatbot attacks that have been publicized about securing themselves?
Recheck The Existing Security Apps of Your Company
Think back to the spring of last year and you might remember the customer data breach incidents affecting Delta Airlines and Sears. A few months back, an AI vendor that provided online customer support services for different organizations was breached. The absence of proper security controls led to the theft of thousands of customers' information.
Chatbot attacks are mainly threats against business apps. As such, one of the first steps CISOs should take to protect their organizations is to recheck their existing security programs and, in particular, to analyze the following two things in depth:
- Check that cloud security controls are in place for every business application, and confirm that they are applied to all chatbots too. Security patches, regular product updates, and multi-factor authentication are some of the crucial things to review. It is also essential to encrypt data at rest and in transit, implement access controls, and validate every input at the backend.
- Ensure that the existing cybersecurity solutions are compatible with the online applications used in your business. An online architecture can enlarge the threat surface of any firm, leaving organizations wide open to new threat vectors. Enterprises that access chatbots through online platforms therefore need to rethink their legacy protective approaches. One measure to consider is a cloud access security broker (CASB). Enterprises are rapidly turning to CASB solutions to address cloud security challenges, as they provide compliance, deep data visibility, granular access control, data breach prevention, threat protection, and encryption.
Revisit Your Firm’s Ecosystem
Perhaps the best-known chatbot attack was the Ticketmaster one, which occurred in June 2018. Ticketmaster UK revealed a breach affecting 40,000 customers in which personal and payment card information was compromised. The incident took place through compromised chatbot software. Inbenta, the firm Ticketmaster had partnered with to develop a chatbot, was breached by the Magecart criminal group, which planted malicious JavaScript code designed to gather personal data and payment card records from the transaction pages of Ticketmaster websites. In this scenario the chatbot itself wasn't exploited; instead, its environment was used to spread malware. While it was not a particularly complicated threat, it serves as an essential warning to all large companies. Unfortunately, this was not an isolated incident but rather the first in a massive campaign by the same group.
Threats to the supply chain are becoming increasingly common, and chatbots are no exception. These incidents highlight the importance of protecting the provider ecosystem. Organizations should not assume that their vendor holds to the same security standards as they do, so if they are using chatbots via third-party platforms, it is important to assess the vendor's security posture to know what further protection is required.
Don’t Dare To Forget Human Errors
In 2016, Microsoft Research inadvertently gave users an early example of potential chatbot attacks against AI, when its Tay bot began to tweet inflammatory and racist posts. According to Microsoft, this was the result of trolls who poisoned the artificial intelligence with offensive tweets. Unsurprisingly, the chatbot was shut down after just 16 hours.
As chatbot technology advances, we can expect attacks against chatbots to become more sophisticated and to behave in more subtle ways. The Microsoft Tay example suggests not only that social engineering threats are possible, but also, more dangerously, that such chatbot attacks could be aimed at exposing private information. It is another example of how artificial intelligence can be used to help organizations and, at the same time, to secure them.
Today, threats through chatbots appear to be confined to content-based apps. In the majority of cases, the environment has been compromised in order to inject attacks that fetch all data from the victim's site. Before long, we can expect to see attackers creating chatbot attacks that push a customer to click on malicious links. Clicking on such links enables attackers to get into the target's system and carry out their intended task.
Final Thoughts: Chatbot Attacks
It is therefore important that CISOs devote enough resources to educating business employees, and clients too. Alongside basic training on recognizing malicious activity, enterprises should run daily awareness campaigns to keep staff vigilant to inconsistencies.