Home Technology Gen AI Fueling Surge of Sophisticated Email Attacks

Gen AI Fueling Surge of Sophisticated Email Attacks

by news

Generative AI tools like ChatGPT are sparking an increase in sophisticated email attacks, according to a report released Wednesday by a global, cloud-based email security company.
Security leaders have worried about the possibilities of AI-generated email attacks since ChatGPT was released, and we’re starting to see those fears validated, noted the report from Abnormal Security.
The company reported that it has recently stopped a number of attacks that contain language strongly suspected to be written by AI.
“High-end threat actors have always used artificial intelligence. Generative AI isn’t a big deal for them because they already had access to tools to enable these kinds of attacks,” said Dan Shiebler, Abnormal’s head of machine learning and author of the report.
“What generative AI does is commoditize sophisticated attacks so we will see more of them,” he told TechNewsWorld.
“We have seen an increase in business email compromise (BEC) attacks, which these kinds of technologies make easier to do,” he continued.
“The release of ChatGPT was a consumer milestone, but the release of GPT3 in 2020 enabled threat actors to use AI in email attacks,” he added.
Mika Aalto, co-founder and CEO of Hoxhunt, a provider of enterprise security awareness solutions in Helsinki, told TechNewsWorld that attackers are adopting AI technology to create more convincing BEC campaigns and develop more sophisticated BEC attack kits that are then sold on the dark web.
“According to our own research, human social engineers are still better at crafting phishing emails than large language models, but that gap is closing,” he said. “Hackers are improving at prompt engineering and circumventing guardrails against the misuse of ChatGPT for BEC campaigns.”
“One pretty scary application of this technology is iterative resending of an attack,” noted Shiebler. “

“A system can send an attack, determine if it made it through to the recipients, and if it doesn’t make it through, modify the attack repeatedly,” he explained. “Essentially, it learns how the defense is functioning and modifies the attack to take advantage of that.”
In its report, Abnormal demonstrated how generative AI was used in three attacks on its customers — a credential phishing attack, a traditional BEC attack, and a vendor fraud attack.
These three examples are only a small percentage of the email attacks generated by AI, which Abnormal is now seeing on a near-daily basis, the report noted.
Unfortunately, it continued, as the technology continues to evolve, cybercrime will evolve with it, and both the volume and sophistication of these attacks will continue to increase.
Generative AI tools can increase the effectiveness of a phishing campaign, especially those originating outside the United States.
“Many email attacks originate outside the U.S. by non-native speakers, resulting in emails with obvious grammatical issues and unusual tone of voice, which trigger suspicion by the recipient,” explained Dror Liwer, co-founder of Coro, a cloud-based cybersecurity company based in Tel Aviv, Israel.
“Generative AI allows the sender to create a customized, conversational, extremely credible email that would trigger no suspicion, resulting in more users falling into the trap,” he told TechNewsWorld.
“Proper context and grammar make the content more believable and less likely to be suspicious to the user,” added James McQuiggan, a security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.
“Additionally,” he told TechNewsWorld, “generative AI can pull information from the internet about an organization to create a targeted or more believable spear phishing campaign.”
Joey Stanford, head of global security and privacy at Platform.sh, a global platform as a service provider, noted that email attacks crafted with generative AI might appear more realistic and convincing because they use sophisticated linguistic techniques and large datasets of phishing emails.
“This allows bad actors to automatically generate new, compelling phishing emails that are more difficult to detect,” he told TechNewsWorld. “Generative AI tools like OpenAI’s ChatGPT may be behind the 135% increase in scam emails using these techniques revealed in a recent Darktrace report.”
Stanford maintained that organizations could protect themselves at the network level against email attacks crafted with generative AI by using cybersecurity tools with self-learning AI. Those tools, he explained, can detect and respond to anomalous and malicious email activity in real time without relying on prior knowledge of past threats.
“These tools can also help organizations to educate their employees on how to spot and report phishing emails and enforce security policies and best practices across the network,” he said.
He acknowledged that those tools were new and undergoing rapid development, but fighting AI with AI appears to be the best solution to the problem for several reasons. Those include:
However, the generative AI problem can’t be solved in the long term with more AI, countered John Bambenek, principle threat hunter at Netenrich, an IT and digital security operations company in San Jose, Calif.
“What is needed is looking at what is normal and abnormal from a behavior analytics standpoint and to realize that email is insecure and non-securable,” he told TechNewsWorld. “The more something matters, the less it should rely on email.”

“The key is still the same, think twice before taking action on an email, especially if it’s something sensitive like a financial transaction or a request for authentication,” he added.
Whether an email is generated by an AI, bot, or human, the steps for vetting it remain the same, advised McQuiggan. A recipient should ask three questions: Is this email unexpected? Is it from someone I don’t know? Are they asking me to do something unusual or in a hurry?
“If the answer is yes to any of those questions, take the extra time to verify the information in the email,” he said.
“Taking the extra few moments to check the links, the email’s source, and the request can reduce additional costs or resources because someone clicked a link and initiated a risk of data breach to the organization,” he advised.
John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.
Please sign in to post or reply to a comment. New users create a free account.

Thoughts on Apple Vision Pro and its impact on mixed-reality technology?
– select any or all that apply –

Loading ... Loading …

The fusion of real-world interaction with immersive experiences is a game-changer.
Intrigued by its design and features but deterred by the $3,499 price.
Interested but waiting for user reviews to surface in 2024.
Mixed reality is more of a novelty than a necessity.
Ubuntu 23.04 ‘Lunar Lobster’ Lands With Newly Minted Cinnamon Desktop Flavor
New HP and Sonos Devices Accentuate the Ultimate Home Office Workstation
Qualcomm’s Gen AI: A Unique Opportunity Beyond Innovation
Linux? What Linux? It Just Works
Selecting the Right SBOM for Your Enterprise
Personal Data Harvesting and How To Reduce Your Digital Footprint
Canonical Broadens Commercial OpenStack to Small Clouds
The Future of AI in Retail: Beyond the ChatGPT Hype
The AI Revolution Is at a Tipping Point
EdTech Developer’s Study Game Approach Aces Med School Testing Curve
DOJ, Five Eyes Nations Unite To Dismantle Russian Cyber-Espionage Network
2024 and How the Coming CPU War Is Likely To Play Out
Digital Health Care Flourishing Despite Legal, Logistical Hurdles
Telly Offers Half-Million Free 55-Inch 4K TVs, Advertisers To Pick Up Tab
Leverage the Power of Data To Monitor Home Energy Efficiency
Unresolved Conflicts Slow eSIM Upgrade Path to Better IoT Security
Cyber Chiefs Brace for Major Attacks in Next 12 Months
RSA Conference Rebounds as Business Risks Soar
Mobile Shopping Apps Linked to Digital Wallets: A Loyalty-Driving Duo
New Distro Makes Running Arch Linux Very ‘Cachy’
Researchers Instantly Crack Simple Passwords With AI
Poly Voyager 60 Series Earbuds Provide a Premium Audio Experience
Is ChatGPT Smart Enough To Practice Mental Health Therapy?
Google Invites Public To Test Drive Its AI Chatbot Bard
Are Mainframes an Indicator of Banking Reliability?
Google Taking Pre-Orders for Its First Foldable Phone
Social Media Fueled the Run on Silicon Valley Bank: Study
DARPA Moves Forward With Project To Revolutionize Satellite Communication
Gen AI and AR/VR: Unintended Consequences, Unproven Mainstream Appeal
FBI Issues Warning About ‘Juice Jacking’ at Public USB Charging Stations
Study Finds AI Threatening Many Women’s Jobs
The Importance of Microsoft’s 5-Point Blueprint for Public Governance of AI
Study Finds EV Battery Replacement Rare, Most Covered by Warranty
Why Nvidia Is Winning the Race To Dominate the Metaverse
HP Affirms ‘Better Together’ at Its Amplify Event
Female Army Veteran Uses Tech To Help Create a Better Future
Copyright 1998-2023 ECT News Network, Inc. All Rights Reserved.
Enter your Username and Password to sign in.


Related Posts