The attackers try to catch the big fish in the company: In cybersecurity, this is called “whaling”. AI-powered whaling attacks threaten CEOs, lawmakers and the military. “Harpoon Whaling” is the refined method with VIP service.
“Whaling” is about catching big fish. The targets of cybercriminals are executives of successful companies, high-ranking officials and military personnel. The goal is to steal information or siphon off large sums of money. Harpoon Whaling in particular, a subtype of whaling, is perfidious because the attackers automatically collect extensive information about their victims and classify it using nested AI processes in order to achieve maximum efficiency.
AI writes deceptively real messages
“Dear George,
An enthusiastic thank you for the irresistible job offer and the documents sent - I can't wait to become part of your visionary team. I was very touched by your words and I look forward to achieving great things together.
With a radiant smile, Susanne”
Would you have immediately noticed that this text was completely AI-generated? Harpoon Whaling is a targeted and highly sophisticated form of AI-powered social engineering fraud. Typically, the scammers use urgent emails that are loaded with personalized information about the high-profile victim. This not only includes work-related data, but criminals are also increasingly taking the tactics of romance scammers as a model. They use subtle (romantic) signal markers such as gender preference, which voice types the victim finds attractive, and so on, to manipulate the target person. If they succeed, the “whale” may even fall in love with an AI-generated profile.
Whale spotted! – AI-powered whaling attacks threaten CEOs, lawmakers and the military
With AI-powered tools for information gathering, copywriting and data management, the efficiency of such attacks increases. The fraudsters are able to write personalized texts that appear deceptively real in a short time and with little effort. Carrying out whaling attacks on hundreds of executives at the same time is no problem with this sophisticated method. But to understand why Harpoon Whaling is so effective, you first have to compare the methodology with other phishing variants.
Dive deep – what differentiates Harpoon Whaling from phishing
In traditional phishing attacks, malicious actors send phishing emails to as many people as possible. Although this type of attack is easily scalable, the profit and probability of success are low compared to more sophisticated types of attacks. Whaling, on the other hand, involves sending a very believable email to a high-ranking person in order to steal large amounts of money or important information. For this purpose, the fraudsters carry out detailed, targeted and later person-specific research on the victims before an attack. Attackers interested in financial affairs research targets in the financial industry, and those targeting government affairs often select high-ranking officials. However, this type of fraud requires a lot of manual work, human judgment and manual intervention.
With Harpoon Whaling, on the other hand, the process of obtaining information and creating text is highly automated, for example using AI-supported tools. This increases the efficiency and threat of such attacks enormously. AI tools like ChatGPT make it possible to combine personalized messages from whaling attacks with the scalability of phishing attacks. It is therefore expected that this method will be used much more frequently than before. The circle of perpetrators is also expanding as technology enables more people to carry out such attacks.
Can AI-supported harpooning be prevented efficiently?
AI tools like ChatGPT make it possible to carry out the whaling process on multiple nested levels of automation. For example, criminals create particularly manipulative “signal words” that are assigned to certain groups of people. In addition, such a system is able to target identified similarities, identify and prioritize threatening behavior according to expected revenue, and continuously adapt whaling messages. ChatGPT has the ability to adaptively coordinate a chain of messages that increase in emotional intensity while remaining congruent with the content of previous messages. In this way, coherent and at the same time (romantically) escalating conversations can be simulated over several contacts.
Harpoon Whaling also often uses a pre-trained, generative AI language model. This makes it possible to carry out targeted attacks on various curated distribution lists at the same time. Such lists consist of many managers or high-ranking officials, for example “all bank executives”, “all high-ranking police officers” or “all politicians in country X”.
New attack variants overcome defense
Because these attack variants are new, most traditional defense methods will not work. Managers are a group that is particularly targeted by these attacks, so they are advised to defend themselves with several combined approaches.
Security service providers like Trend Micro are able to assist in this defense. They use security approaches such as proactive and comprehensive risk management and zero trust in a targeted and effective manner. High-risk behaviors can be identified, and it is possible to predict which leaders are most vulnerable to these types of attacks. New technology makes it possible to specifically identify and analyze the conversation patterns of those most at risk in order to draw conclusions about where protective measures and training for managers are most needed. So whalers have no chance.