The utility of AI for businesses is undeniable. Recent iterations that leverage LLM (Large Language Model) are better than ever at generating content and helping us save time and effort. The challenge is that bad actors (hackers) also have AI and are using it effectively to launch more cybersecurity attacks than ever before. They’re also more sophisticated and harder to detect. Almost makes you miss that Nigerian Prince.
How AI Makes Phishing Attacks More Dangerous
When you stop to break down what attackers need to do to create a compelling phishing campaign, content writing is a big part of it. Personalized content works best. Traditionally, that kind of personalization takes a lot of time and energy to get right. AI allows attackers to do things like analyze social media, online activity, and other public information to create targeted attacks that garner urgency from the mark.
In addition, AI allows attackers to solve the language problem. Historically, one of the things that helped us spot phishing attacks was that they were frequently written by folks who didn’t speak English as their first language. Those small mistakes in grammar, or syntax would tip us off that something was up. AI can generate targeted emails with perfect grammar and spelling.
Attackers frequently leverage current events to add urgency to their phishing attacks. AI allows them to incorporate current events, recent interactions, or other news to create more convincing phishing messages.
Lastly, AI allows attackers to do this at a speed and scale that they’ve never been able to manage before. The future of cybersecurity relies on adjusting tactics to protect against increased volume and quality of attacks, and using AI based tools to fight AI based attacks.
Other AI Threats
While phishing is a key attack vector for bad actors using AI, it’s not the only one. AI models are also making it possible and easier than ever to replicate a human voice. This is especially true if you have any samples of you speaking anywhere online that are publicly accessible. They can feed that video you have online into AI as a sample of your voice, and then train AI to say anything they like. The scary part is that it can sound exactly like you.
This type of attack is called Vishing (Voice Phishing). You can imagine that it can be used for any number of things but is frequently deployed to make a phone call to an individual impersonating someone they trust and asking them to take specific action. If the CEO calls you, you hop to it. The bad guys know this and leverage that position of trust to deceive.
Deepfakes are the same type of attack but are typically audio and video. The attackers use video samples and photos to create a photorealistic version of an individual, and make them say whatever they please.
Impact of AI on Attack Effectiveness
A recent study by Keeper showed that IT leaders are witnessing AI-powered attacks increase at a rate of 51%.
AI use by bad actors is prevalent and gaining steam. It’s anticipated that this trend will continue for years to come as iterative generations of AI keep improving and language models get even better.
For attackers it’s no brainer. It allows them to attack more targets faster and with much higher accuracy. That leads to higher win rates and profits for the bad guys. Many of these groups are highly organized and operate exactly like a business.
How to Protect Your Business
There is a lot that businesses can do to protect their business. Having the right layered security solution in place is important. It’s also more critical than ever to train your employees on how to stay safe online. Here are a few things to consider.
- User Education – It’s more critical than ever to ensure that your employees have the right training on how to avoid cyber security threats.
- Endpoint Detection and Response – You can fight fire with fire. Huntress EDR software uses AI to help protect your systems against potential threats and detect AI created attacks.
- Managed Detection and Response for Email (MDR) – Another great layer of protection against phishing threats is having an MDR solution in place. This allows you to continuously monitor email traffic using a combination of security tools and human expertise to detect suspicious activity. The best ones also have a 24/7 security operations center attached where humans respond to critical threats.
- Company Policy – Most companies have policies for acceptable use. Consider additional policies or training for your employees that addresses how they share personal information over email or other places online.
- Multifactor Authentication – Many attacks rely on compromising a company email. MFA gives you another layer of protection from attackers and can prevent unauthorized access.
- Password Manager – Using a quality password manager like Keeper will help you stay safe online. It also prevents you from being caught using the same password for everything or not having the necessary complexity to stay safe.
Fight Fire with Fire
Another thing to consider when protecting against AI powered cyber security attacks is whether your current IT security tools are leveraging AI to fight AI. Best in class security products are incorporating AI into their products to better protect against AI based threats. Here’s how they’re using it.
- AI powered security products can analyze vast amounts of data in real time and identify anomalous behavior or potential threats.
- They can recognize patterns much faster than humans that might indicate a larger targeted attack.
- Security tools can monitor user behavior across the network to detect any unusual activity.
- AI powered security tools can also offer an automated response. This allows you to isolate a machine from the rest of the network or block malicious traffic when a threat is detected. They’re always on and faster than humans.
Take Aways
AI is being leveraged heavily by bad actors to make cyberattacks more effective than ever before. Users need to be better educated than ever before to stay safe online, and businesses need to ensure they have quality training and layered cybersecurity to defend against evolving attacks.
i.t.NOW has the right tools and security experts to help protect your data and keep your employees safe online. Reach out to us today for a free security analysis.
This article was written by a human, Mike Herrington. I consult with business owners about their technology and cybersecurity solutions. I’d love to see how we can help your business.
Photo by Andrea De Santis on Unsplash
