While AI offers attackers new opportunities for efficiency, creativity and personalization of phishing lures, it is important to remember that IT security is poorly prepared for such attacks.
This is a good opportunity to update training programs to educate employees on the new technologies and trends in phishing, smishing and vishing tactics and to encourage them to be more vigilant. We may see highly individualized and persuasive lures at large scale. It is now much easier and faster for cybercriminals to instruct an AI to compose a message that asks the recipient to share confidential information.
The mail recipient is the first line of defense
While the recipient of a phishing message is often the first line of defense, it is important that organizations also invest in measures such as email, DNS, network and endpoint monitoring and response capabilities. Phishing and other forms of social engineering are very successful even without AI augmentation on the attacker's side. Well-documented, well-rehearsed incident response and containment procedures are therefore essential to any security program.
Organizations need to ensure they follow best practices for multi-factor authentication and remain aware of evasion attempts such as MFA bombing and other social engineering tactics. Finally, organizations should track emerging threat data on email-borne threats, such as the use of compressed file formats and .lnk or .one files, alongside traditional methods such as Office macros. Policies are needed to control whether and how such files can be executed.
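As an added illustration of the attachment policy described above (example code written for this page, not Tanium's or the article's own), the function below classifies an inbound attachment by its file type and descends into zip archives so that a .lnk or .one file wrapped in a compressed container is still caught; the extension lists, the nesting limit and the in-memory sample archives are assumptions made for the example.

```python
import io
import zipfile
from typing import Dict, List

# File types the article calls out: compressed containers, .lnk and .one files,
# and macro-enabled Office documents. The lists are assumptions for this example.
ARCHIVE_EXT = {".zip"}
BLOCKED_EXT = {".lnk", ".one"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
MAX_DEPTH = 2  # assumed limit on archive nesting before the item is flagged


def _ext(name: str) -> str:
    lower = name.lower()
    dot = lower.rfind(".")
    return lower[dot:] if dot >= 0 else ""


def classify_attachment(name: str, data: bytes, depth: int = 0) -> List[str]:
    """Return policy findings for one attachment, recursing into zip archives.

    Findings are tagged strings such as 'block:<path>' so a mail gateway rule
    can act on them. Encrypted entries cannot be inspected and are reported."""
    ext = _ext(name)
    findings: List[str] = []
    if ext in BLOCKED_EXT:
        findings.append(f"block:{name}")          # shortcut or OneNote file
    elif ext in MACRO_EXT:
        findings.append(f"macro:{name}")          # macro-enabled Office document
    elif ext in ARCHIVE_EXT:
        if depth >= MAX_DEPTH:
            findings.append(f"nested-too-deep:{name}")
        elif not zipfile.is_zipfile(io.BytesIO(data)):
            findings.append(f"corrupt-archive:{name}")
        else:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    inner = f"{name}/{info.filename}"
                    if info.flag_bits & 0x1:      # password-protected entry
                        findings.append(f"encrypted:{inner}")
                        continue
                    findings.extend(classify_attachment(inner, zf.read(info), depth + 1))
    return findings


def build_sample_zip(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from constructed sample entries (demo data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in entries.items():
            zf.writestr(fname, content)
    return buf.getvalue()
```

Running `classify_attachment("attachment.zip", build_sample_zip({"payload.zip": build_sample_zip({"invoice.lnk": b"x"})}))` reports the shortcut hidden two archive levels down.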
Machine learning
Perhaps most importantly, technologies like these point to a future of data analytics at scale through machine learning. While not specific to large language models like ChatGPT, I believe we will see a rapid proliferation of tools that provide not just data, but parsed data with enrichment and context. The amount of data that even a small security operations center faces today is staggering, and effectively correlating and analyzing that data before moving on to investigation and containment is a time-consuming task that demands very expensive tools and talent.
I envision a future where an analyst receives an alert and is able to ask, "Why do I care?", "Is this report more important than the report that came in 10 minutes ago?", or "Suggest next steps for triage and forensic capture based on this report", and has a partner (in the form of AI) standing by them in the event of an incident. Some may sound the alarm about job losses, but I would say there is no cause for concern. Security is really an art, and you have to understand human behavior.
AI has no ability to put itself in the shoes of an attacker or a victim, and in my experience it is tempting to lean on it too heavily for that perspective. While AI is a powerful addition to intelligence, it will never replace it. And maybe we should think of it the same way: AI is less about artificial intelligence and more about expanding the capabilities and speed of human intelligence, problem solving and creativity. (Melissa Bischoping, Director, Endpoint Security Research at Tanium)
About Tanium
Tanium, the industry's only Converged Endpoint Management (XEM) provider, is leading the paradigm shift in traditional approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, compliance, security, and risk into a single platform. The Tanium platform provides comprehensive visibility across all devices, a unified set of controls, and a common taxonomy.