The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports.
The CSA’s report found that cybercriminals are selling tools that automate these attacks, allowing unskilled threat actors to launch sophisticated attacks.
“The malicious potential of AI has been compounded by an explosion of AI-powered tools available in underground forums,” the CSA says. “Cybercriminals are peddling fake social media accounts and content generated by AI, as well as AI services to fully automate the maintenance of these accounts. Developers have also sold impersonation services that employ deepfake voices, and AI-generated spam that can bypass anti-spam and anti-phishing controls of popular webmail services.”
The CSA cites a report from iProov that observed a 704% increase in the use of deepfakes for social engineering over the course of 2023.
“Attempts to weaponise deepfake technology for scams or fraud will continue to grow, given the widespread accessibility of tools to create highly convincing deepfakes at a relatively low cost,” the CSA says.
While these attacks have grown more sophisticated, the same security best practices can be used to defend against them. User awareness training can provide an essential layer of defense by teaching employees to recognize the hallmarks of social engineering.
“Conventional cyber hygiene measures remain largely relevant at mitigating the AI-enabled threats at present, and individuals and companies should continue to adopt these measures,” the CSA says. “For example, users should continue implementing tight access controls to their accounts [e.g. using strong passwords and multifactor authentication (MFA)], regularly updating software and patching vulnerabilities, and educating employees on how to recognise and handle cybersecurity threats.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Channel News Asia has the story.