Artificial Intelligence is a double-edged sword. While it opens up a plethora of use cases for making our work and daily lives more efficient, it also empowers cybercriminals to execute more effective attacks.
Phishing, already the most prevalent form of cyberattack with almost 3.4 billion emails sent per day, is now being fuelled by AI, which increases its sophistication and maximises the likelihood of these attacks succeeding.
A recent study reveals a 60% increase in AI-driven phishing, with higher success rates compared to messages created by human experts. This highlights that AI is not merely a tool but a catalyst in transforming the way these attacks are carried out, underscoring the need to stay ahead of their rapid evolution.
Is it really your CEO? Think Twice
In the GenAI era, the lines between phishing and authentic messages are blurred, making phishing messages almost impossible to detect. C-level executives are among the prime targets of cyberattacks because of the amount of sensitive information and authority they wield within an organization. With the help of AI tools, attackers have elevated phishing to a whole new level, engaging in what is known as “whale phishing.”
This method involves using deepfake AI tools to impersonate a company’s top executives, mimicking their appearance, voice and mannerisms to persuade employees to transfer funds or grant system access, leading to financial and reputational loss.
A stark example is the attack on an advertising firm in which hackers used the CEO’s image to create a fake WhatsApp profile and set up a Microsoft Teams meeting with him and another senior executive. During the call, the attackers used AI voice cloning and YouTube footage to trick the employees into disclosing personal details and transferring money under the guise of setting up a new business. Fortunately, the attempt failed thanks to the vigilance of the company executive.
The sophistication of such attacks reminds us that we can no longer afford to blindly believe someone is who they claim to be simply because a profile carries that person’s image and name. More than 95% of IT professionals find it challenging to identify phishing attacks crafted with large language models (LLMs) such as ChatGPT, Gemini and WormGPT. The strategy relies on exploiting human psychology and the personal information available on the internet to create the most convincing message possible. These messages often pose as trusted colleagues, incite fear about a potential security breach, or spark curiosity with a “too-good-to-be-true” offer related to a recent purchase, prompting users to click.
How can we outsmart these attacks?
Paradoxically, the defence against these AI-powered attacks is AI itself. Businesses should consider investing in AI-driven security measures, with Extended Detection and Response (XDR) playing a crucial role in this strategy. XDR constantly monitors mailboxes, scanning for indicators of compromise (IOCs) such as URLs, domains, IP addresses, file hashes, and more.
Additionally, XDR’s behaviour analytics establishes a baseline of typical user behaviour and email traffic patterns. When deviations from this baseline are detected, such as unusual login times, unexpected email attachments, or strange communication patterns, the system flags these anomalies, allowing phishing attempts within an organization to be mitigated proactively.
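To make the baseline-and-deviation idea concrete, here is an added example (not ACUTEC’s code or any XDR product’s logic) that builds a per-user profile from constructed log lines and then flags the kinds of deviation the paragraph names: logins at unusual hours, mail from counterparties never seen before, and unexpected attachment types. The log format, user names and addresses are made up for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed baseline events (not real data): "<timestamp> <user> <event> <detail>";
# a mail detail is "<address>" or "<address>:<attachment filename>".
BASELINE_LOG = [
    "2024-03-04T08:55:00 alice login 203.0.113.5",
    "2024-03-05T09:02:00 alice login 203.0.113.5",
    "2024-03-06T11:15:00 alice mail_in bob@example.com:report.pdf",
    "2024-03-06T14:30:00 alice mail_out finance@example.com",
]

def parse(line):
    ts, user, event, detail = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, event, detail

def mail_parts(detail):  # -> (peer domain, attachment extension or "")
    address, _, attachment = detail.partition(":")
    ext = attachment.rsplit(".", 1)[-1].lower() if attachment else ""
    return address.split("@")[-1].lower(), ext

def build_baseline(lines):
    # Per-user profile of login hours, mail peer domains and attachment types seen.
    profile = defaultdict(lambda: {"hours": set(), "peers": set(), "exts": set()})
    for line in lines:
        ts, user, event, detail = parse(line)
        if event == "login":
            profile[user]["hours"].add(ts.hour)
        else:
            domain, ext = mail_parts(detail)
            profile[user]["peers"].add(domain)
            if ext:
                profile[user]["exts"].add(ext)
    return profile

def detect(line, profile):
    # Reasons one new event deviates from the baseline; an empty list means it fits
    # (a user with no baseline gets an empty profile, so everything they do is flagged).
    ts, user, event, detail = parse(line)
    p, reasons = profile[user], []
    if event == "login":
        if not any(abs(ts.hour - h) <= 1 for h in p["hours"]):  # tolerate one hour of drift
            reasons.append(f"login at unusual hour {ts.hour:02d}:00")
    else:
        domain, ext = mail_parts(detail)
        if domain not in p["peers"]:
            reasons.append(f"mail peer domain never seen before: {domain}")
        if ext and ext not in p["exts"]:
            reasons.append(f"unexpected attachment type .{ext}")
    return reasons
```

A real deployment would learn the baseline over weeks rather than days and weight the signals, but the shape is the same: profile, compare, flag.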
Complementing XDR is the role of a Unified Endpoint Management (UEM) solution. Beyond serving as a source of endpoint data for XDR, UEM is also essential for patch management, enforcing password policies and access management. By enabling timely patch deployment, UEM keeps all systems up to date, reducing the vulnerabilities that phishing campaigns often exploit. Moreover, consistent policies across all endpoints, covering password complexity, multi-factor authentication and access controls, protect the most perishable factor: passwords. Integrating XDR and UEM therefore creates a comprehensive defence against phishing threats: XDR detects and responds to attacks, while UEM puts the first line of defensive controls in place. If a breach does occur, UEM can also remotely wipe compromised devices to contain the damage.
Ultimately, the end goal should always be to transition towards a zero-trust architecture. While UEM and XDR are essential on this journey, they are not the entire picture. By adopting role-based access controls and rigorously validating every account before it gains any data-handling privileges, administrators can fully embrace the tenet: trust none, always verify. This approach helps prevent unauthorized access in the event of a breach and greatly limits the potential damage by restricting lateral movement.
Human Vigilance Remains Key
Even the most advanced security measures are rendered ineffective if employees are unaware of the latest phishing techniques and the critical details they need to watch for. Business leaders must invest in effective training programmes that go beyond monotonous lessons on typical markers such as poor grammar and failed personalisation. Training needs to include AI-simulated phishing drills that teach employees how to validate email sources, verify URLs and domain names against the company’s actual domain, and cultivate a healthy scepticism when evaluating highly convincing phishing scenarios.
Additionally, the fundamental practices of enforcing strong, unique passwords for each account, coupled with multi-factor authentication (MFA), remain essential.
At ACUTEC, we work with your business to help instil a culture of cybersecurity awareness. We invite you to download our Employee Cyber Security Handbook, designed to help your team better understand cyber threats. If you would like to assess your business network, we are here to help. Contact our team; we’d love to hear from you.
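The “verify the URL against the actual company domain” check that training should teach can also be automated as a pre-screen on links. This added example (not ACUTEC’s code) assumes the company’s real domain is example.com and shows the common ways a link can merely look like it belongs to the company: the company name embedded in a foreign domain, the company name placed in the user-info part of the URL, confusable character swaps, and non-ASCII (homoglyph) host names.

```python
from urllib.parse import urlsplit

COMPANY_DOMAIN = "example.com"  # assumed company domain (constructed for this example)

# Character swaps that read like the real letters at a glance; collapsing them gives a
# "skeleton" so that examp1e.com, exarnple.com and exa-mple.com all become example.com.
SWAPS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t"), ("-", "")]

def skeleton(name):
    name = name.lower()
    for a, b in SWAPS:
        name = name.replace(a, b)
    return name

def registrable(host):
    # Simplification: treat the last two labels as the registrable domain. A real deployment
    # should use the Public Suffix List so that co.uk, com.au and similar are handled correctly.
    return ".".join(host.split(".")[-2:])

def classify(url, company=COMPANY_DOMAIN):
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    if parts.username and company in parts.username.lower():
        # http://example.com@evil.net/ : the browser connects to evil.net, not example.com
        return "lookalike: company name in the user-info part, real host is " + host
    if not host.isascii():
        return "suspicious: non-ASCII host name (possible homoglyph)"
    reg = registrable(host)
    if reg == company:
        return "trusted"
    if company in host:  # example.com.portal-login.net, login-example.com.net, ...
        return "lookalike: company domain embedded in " + reg
    if skeleton(reg) == skeleton(company) or skeleton(reg.split(".")[0]) == skeleton(company.split(".")[0]):
        return "lookalike: resembles " + company
    return "external: " + reg
```

Anything other than “trusted” is a prompt to check the link with the sender through a known channel before clicking.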