Gone Phishing: How Loudoun Small Businesses Can Outpace AI Threats
By Gabriella Smyth, Cybersecurity Professional and Guest Author
Artificial Intelligence is transforming the cyber domain. Both a creative and destructive force, it can operate as our most valuable stronghold, or our most formidable foe. From identifying and exploiting vulnerabilities faster than ever before, to threat detection at machine speed, AI is revolutionizing how threat actors attack, and how organizations defend themselves. This dual-use of AI—to both defend and attack—means that defenders need to be able to have the same or better tools and capabilities, and operate at a faster speed than that of our adversaries. Operating a Security Operations Center (SOC) with processes and tools from two years ago is akin to bringing a knife to a gunfight—outpaced, outmatched, and vulnerable, even against less sophisticated threat actors.
This article will discuss how AI is being leveraged for both offensive and defensive purposes for the phishing threat, and how organizations can level the playing field to defend with speed and accuracy.
Sophisticated Phishing Attacks
It used to be easier to spot a phishing email–they would often be riddled with misspellings, incorrect grammar, or present with a robotic, non-human tone. With the rise of AI, cybercriminals and threat actors are leveraging AI’s natural language processing, emotion simulation, and advanced algorithms to ensure phishing is still one of the most prolific and successful attack vectors. These technologies make communication sound more human, thus adding to the credibility of these malicious messages. The use of large language models ensures that communications are error-free and can be sent to a large swath of potential victims in one go. These phish can be tailored to specific target sets through the use of automated social engineering. Automated social engineering uses AI to crawl social media profiles and other publicly available information to build tailored digital identity profiles, which enables credible social engineering attacks. All of these factors drive towards a higher probability of successful social engineering by malicious cyber actors whose end goal is to steal or to gain unauthorized access. This technology also affords threat actors the ability to mount comprehensive, concurrent campaigns, increasing the probability of success.
Defenders should be using AI to counter the increase in phishing frequency and sophistication. AI models can be used to scan incoming emails to search for anomalies such as unusual sender addresses, deliberate mistypes in URLs, and other inconsistencies. Natural language processing assists with identifying a potential phish that conveys urgency or contains language that threatens negative consequences if an action is not taken. AI image recognition tools can identify if there are fake logos and headers, and if there are malicious links embedded within an image.
As a result of threat actors leveraging AI, attack speed and ubiquity have increased dramatically, and defenders must be keen to use AI and machine learning to harden defenses, more quickly identify cyber attacks, and contain at scale; otherwise, incident response teams will be overwhelmed, companies will suffer revenue loss and reputational damage, and we will be using yesterday’s solutions in trying to respond to tomorrow’s fallout.
This article was prepared by the author in their personal capacity. The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy, opinion, or position of their employer.