Whereas in the past certain industries were the preferred targets, hackers are now targeting any company potentially able to pay the ransom. In addition, with the help of generative AI systems such as ChatGPT, cybercriminals can carry out far more attacks in less time.
Daniel Hofmann, CEO of Hornetsecurity, explains why generative AI models are becoming a turbocharger for attacks and what good protection should look like. The Cyber Security Report 2023 shows that the most common attack method is still (spear) phishing. These social engineering attacks target people as the greatest vulnerability and capitalize on moments of inattention and lack of knowledge. They reach us as mass mailings or as individualized spear phishing emails.
Whereas covering an entire attack chain used to require a great deal of effort from hackers, generative AI systems now make it much easier for cybercriminals. They use the AI models to automate the spear phishing attack chains. For example, the system can use the e-mail address of a possible victim to search the Internet for further information such as the person's position in the company. Since such AI systems are arbitrarily scalable, hackers can create countless variants of spear phishing messages and send them to many different targets in a very short time.
AI and machine learning are becoming a deception booster
But that's not the end of the story: machine learning is making AI tools even more attractive to hackers, because the algorithms enable the tools to continuously optimize themselves and pick up new, up-to-date knowledge. This allows the success of spear phishing attacks to be measured and subsequent emails to be adjusted accordingly.
What is more, if an account has already been hacked, earlier messages in an email thread can be accessed and their context integrated into subsequent emails. Using self-learning algorithms, hackers also have the opportunity to test many different attack options in a short time and to detect existing IT vulnerabilities.
AI-based deepfake technologies also make it easier for hackers and scammers to get “creative” with voice and video – creating deceptively real imitations, for example. They then fool their victims with so-called voice phishing (vishing). With the latest AI tools, a few minutes are enough to create the fakes from audio or video material.
It's about time!
A new wave of AI-powered cyber attacks is rolling towards companies, government agencies, institutions and utilities. Comprehensive IT security technologies are an absolute must. These include email filters, firewalls, network and data monitoring tools, and regular software patches. It is important to rely on innovative security tools that use AI to detect attacks. To reduce the risk of account takeovers and identity theft, two-factor authentication (2FA) such as FIDO2 (Fast IDentity Online) is also recommended.
Train employees
But security technologies alone are not enough! Companies and authorities must establish a sustainable security culture. This means raising employees' awareness of cyber threats on the one hand and giving them the means to recognize such attacks on the other. One way to get there is dedicated and continuous security awareness training. One thing is certain: only those who prepare for the waves of attacks at both the technical and the employee level can significantly reduce the risk.