Phishing Attacks

Chris Swagler | December 20th, 2023

 

As far as security teams are concerned, artificial intelligence (AI) is both a foe and a friend. With AI being utilized to assist companies’ systems in defending themselves, threat actors are leveraging it to strengthen their attacks. It’s becoming increasingly true when it involves phishing attacks.

The Evolving Phishing Tactics

Most people were able to detect phishing emails. They were riddled with grammatical errors, inadequate vocabulary, spelling, grammar, and a page layout that would make a first-grade art teacher cringe. However, artificial intelligence has enabled threat operators to dramatically improve the output and construct content that is highly convincing in their phishing emails. The emails are far more professional, and they’re increasingly deceiving even the most cautious people into clicking on things they shouldn’t. AI not only assists threat operators in creating more convincing messages, but the algorithms also assist threat operators in creating content that appears more like actual human conversations. It becomes more difficult for email filters to detect phishing attacks.

Business Email Compromise Attacks

Because GenAI, or large language models (LLMs) are so effective, threat operators may better impersonate influential (or the right) people within companies, including the CEO or someone from the IT or finance departments. It’s beneficial for email-based scams, including Business Email Compromise (BEC) attacks. BEC attacks occur when threat operators are pretending to be CEOs, other executives, or business partners deceiving employees into executing wire transfers. The attacks have taken the form of email phishing attacks. AI-powered social media and text messages, deep fake videos, and deep fake voicemails are all on the horizon. Virtual meeting platforms are being used by threat operators.

BEC attacks have escalated dramatically in recent years. Over the past two years, BEC attacks increased by 81% and 175% in 2022. During the second half of 2022, the median open rate for text-based BEC emails reached 28%, with 15% of employees reacting to the attacks. BEC schemes have resulted in significant losses. BEC schemes caused $43 billion in global losses between 2016 and 2021, a 65% increase. Threat operators made $2.4 billion globally reported to the FBI in 2021 alone, which is 49 times the reported ransomware yield ($49.2 million) and accounts for a third of total cybercrime earnings of $6.9 billion.

Using AI to Fight AI

Companies will increasingly have to battle AI with AI. Malicious communications can be identified and responded to using advanced machine learning algorithms, anomaly detection, and real-time monitoring. AI-powered email protection systems should examine email content and subject lines for tones and precise wording to detect questionable interactions. Additionally, AI-powered anti-phishing tools can scan inbound messages for signs of phishing attacks. The signs can include real-time brand spoofing and impersonation efforts using SPK, DKIM, and DMARC authentication procedures, and email header anomaly analysis.

Another important aspect of preventing AI-powered phishing attacks is allowing employees to report suspected attacks directly from their email client or web browser. Anti-phishing solutions will not detect all phishing attacks, whether powered by strong machine-learning algorithms or not. Companies will receive optimal insights on what attacks are underway and what companies are being targeted in the attempts by relying on employee reports. Additionally, real-time URL classification is required, and properly taught AI systems perform well. There are numerous malicious URLs being developed that human analysts could never triage fast enough. New malicious URLs can be identified as threats by using machine learning algorithms.

Virtual sandboxing is an important line of defense, along with attempting to block the phishing emails and associated URLs at the Internet gateway and on endpoint. Additionally, virtual sandboxing plays a critical role in quarantining malicious in virtual systems away from the endpoint. It allows for automatic removal of malicious links and attachments and unknowns can be virtually assessed. If malicious payloads are there, they will never reach the endpoints or other systems that can cause damage.

The Human Factor

The human aspect is an important last line of defense in the age of GenAI and AI-enhanced phishing threats. If maliciously written phishing emails manage to get past the set layers of protection, which a small fraction will do, a well-trained staff will be prepared to avoid clicking on the malware-laced attachments or malicious URLs. Companies want to continue educating their employees about phishing attacks and testing their capacity to detect them using automated phishing simulators and detailed reporting. Even though AI is both a friend and a threat to security teams, the good news is that AI can be used to defend users from threats. The key is to employ AI to combat threat actors.

With more threat actors utilizing AI for their phishing attacks, it’s critical for companies to remain alert to the current threat landscape and train their employees to detect potential phishing scams. Phishing attacks are the most common methods threat actors use to harvest legitimate credentials. SpearTip offers phishing training as mitigation to enhance skills related to defending against these threats. The training tests the discernment of companies’ teams, educates employees regarding common phishing tactics and indicators, and identifies related security gaps in your environment. Our team creates phishing email simulations like those threat actors use and sends them throughout the organization. We provide insight and feedback to improve the cyber defenses of companies’ teams, leading to a profound decrease in the likelihood of being victimized by phishing scams. After the training, our team provides precise and thorough strategies about how to harden companies’ environments and implement ongoing awareness training.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.

Categories

Connect With Us

Featured Articles

Cybersecurity Health Checks
Cybersecurity Health Checks: Why Companies Need Them
22 April 2024
New Loop DoS Attack
New Loop DoS Attack Affecting Linux Systems
19 April 2024
Possible Cyberattack
Possible Cyberattack During 2024 Summer Olympics
15 April 2024
Tabletop Exercises
Tabletop Exercises: Transformative Impact on Companies
12 April 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.