Defending against AI-powered phishing

Phishing attacks are evolving, thanks to the introduction of AI. In this article, we explore this potent combination and provide strategies to fortify defences and stay ahead of the curve.

In today’s world, where technology permeates every facet of our lives, the convenience and efficiency brought about by digital transformation are undeniable. One remarkable subset of this transformation that has quickly become a global sensation is generative AI. From content generation to writing code to generating images, videos and much more, the possibilities are limitless. However, this transformation has also opened Pandora's box, giving rise to a new breed of cyber threats — AI-based phishing attacks.

The evolution of phishing attacks

The term “phishing” may evoke images of crude emails filled with misspellings and dubious claims, but the landscape has transformed dramatically over the years. From the early days of generic mass emails, cybercriminals have honed their tactics to create messages that prey on psychological triggers and exploit human vulnerabilities.

In the nascent stages of phishing attacks, cybercriminals cast wide nets, sending out thousands of emails hoping that a fraction of recipients would take the bait. These emails often contained glaring errors, making them easier to spot. However, the attackers adapted as people became more aware of these tactics.

Realising that personalised messages were more likely to succeed, attackers began to use social engineering techniques, tailoring their messages to exploit personal information gleaned from social media and other online sources. This evolution made it increasingly difficult for individuals to discern legitimate emails from malicious ones.

Now, in the age of intelligent machine learning algorithms, the infusion of AI into phishing attacks has been a game changer.

A potent duo: AI and phishing

Artificial intelligence is a double-edged sword, offering immense benefits while simultaneously amplifying the capabilities of malicious actors. In the realm of phishing attacks, AI provides cybercriminals with powerful tools to create, adapt and launch attacks with unprecedented precision.

These AI-generated emails often mimic the writing style of colleagues, friends or family members, making them virtually indistinguishable from authentic communication. As a result, the human element in detecting phishing attacks has become less reliable, rendering traditional defence mechanisms inadequate.

Every AI chatbot relies on large language models, whether it’s OpenAI’s ChatGPT, Google’s Bard or Microsoft’s AI-powered Bing. Access to such large datasets dramatically speeds up information access and content generation. Phishing attacks targeting specific individuals or organisations have become alarmingly accurate thanks to the contextual knowledge available through these chatbots. By analysing publicly available data and scraping information from social media profiles, attackers can craft emails that reference recent events, projects or even personal interests. The result? An email that appears to come from a trusted source, weaving a seamless tapestry of deception.

Researchers from cybersecurity firm SlashNext recently found a tool called WormGPT being sold on a hacker forum. This ‘black-hat alternative’ to ChatGPT was designed specifically for malicious activities. While tools like ChatGPT have rules in place to try to prevent users from abusing it, WormGPT bars no such convictions and offers limitless attack possibilities.

Unfortunately, AI isn’t just about crafting convincing emails. Every day, scammers are on the hunt for fresh ways to fool users into disclosing their personal information. With the development of deepfake technology, it is becoming more and more obvious that phishing schemes may use this potent tool in the future. Deepfake audio recordings may be used by cybercriminals to make voicemails that seem authentic and can direct the receiver to offer private or confidential data.

Strategies for businesses: fortifying against AI-based phishing

The convergence of AI and phishing requires a holistic and multifaceted approach to cybersecurity. However, every strong security posture necessitates strong fundamentals.

Endpoints and users are ground zero in the cyber warzone, and finding the right tools to protect them is essential. Employing a unified endpoint management (UEM) solution provides the capabilities to monitor and manage every endpoint. UEMs can enforce restrictions on managed devices to block untrustworthy applications and malicious websites or prevent the use of weak passwords. Furthermore, they can remotely set firewalls and filter out emails so that only authorised communication can pass through.

Zero trust network access (ZTNA) and identity and access management (IAM) are two other critical solutions — the former encrypts sensitive data and ensures that every user is authenticated continuously to gain access, while the latter supplements ZTNA by assigning a consistent identity for each user which can be actively monitored. All three solutions lay the groundwork for implementing a zero-trust architecture. Deploying an architecture that involves multifactor authentication, segmentation of networks and continuous endpoint monitoring limits the potential damage even if a breach occurs.

With the basics covered, the next step is to fight fire with fire. The human instinct for detecting deception remains invaluable, but AI can amplify its efficacy. Owing to the rapid increase in AI-powered attacks, it has become challenging to employ enough human security experts to combat this exponentially rising problem. In order to stay toe to toe with them, intelligent automation is essential. By integrating AI-driven email analysis tools into communication platforms, businesses can automatically flag emails with suspicious patterns.

Behavioural analytics is another critical technology in the fight against modern-day phishing. It leverages AI to establish baseline patterns of user behaviour. By swiftly scanning through files and web pages to ascertain the legitimacy of their sources, it provides added visibility for the security operation. When deviations occur, such as an employee clicking on an unusual link, the system can trigger alerts or automatically quarantine suspicious emails. Additionally, by teaching it to quickly identify the precise designs and colour palettes of trademarked websites, it can automatically block any impostor sites that do not adhere to a particular site’s requirements. This approach minimises reliance on recognising known attack patterns and adapts to emerging threats.

Similarly, using natural language processing tools offers helpful context for identifying certain phrasing styles, accents and other verbal components. This would significantly help identify phishing calls that employ deep-fake technologies to sound almost exactly like a company’s C-level executive. If it is unable to find variations from a person’s typical pattern, the system can immediately issue an alert about a possible assault.

Even with all the bases covered and solutions implemented, your employees are still the first bastion to fortify your security architecture. Employees need to be well versed in the evolving tactics of AI-based phishing attacks. Moreover, regular training sessions highlighting the importance of not clicking unknown links or not using personal mail apps on work devices might seem trivial but are paramount. Finally, simulated phishing campaigns, infused with AI techniques, can provide a safe environment for employees to experience real-life scenarios and learn to distinguish genuine communications from malicious ones.

The era of AI-based phishing attacks requires a paradigm shift in our approach to cybersecurity. As these attacks become increasingly sophisticated, businesses must adopt equally sophisticated strategies to counter them. By fostering a culture of continuous learning, integrating AI tools and prioritising a resilient cybersecurity practice, organisations can build a robust defence against AI-based phishing attacks. The essence of the battle lies in leveraging human intuition, supported by AI, to safeguard our digital future in a world of rapid technological advancement.

Image credit: iStock.com/JanWillemKunnen