AI Tools Have Increased the Sophistication of Social Engineering Attacks

Stu Sjouwerman | Aug 6, 2024

Social Engineering for EspionageThe Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports.

The CSA’s report found that cybercriminals are selling tools that automate these attacks, allowing unskilled threat actors to launch sophisticated attacks.

“The malicious potential of AI has been compounded by an explosion of AI-powered tools available in underground forums,” the CSA says. “Cybercriminals are peddling fake social media accounts and content generated by AI, as well as AI services to fully automate the maintenance of these accounts. Developers have also sold impersonation services that employ deepfake voices, and AI-generated spam that can bypass anti-spam and anti-phishing controls of popular webmail services.”

The CSA cites a report from iProov that observed a 704% increase in the use of deepfakes for social engineering over the course of 2023.

“Attempts to weaponise deepfake technology for scams or fraud will continue to grow, given the widespread accessibility of tools to create highly convincing deepfakes at a relatively low cost,” the CSA says.

While these attacks have grown more sophisticated, the same security best practices can be used to defend against them. User awareness training can provide an essential layer of defense by teaching employees to recognize the hallmarks of social engineering. 

“Conventional cyber hygiene measures remain largely relevant at mitigating the AI-enabled threats at present, and individuals and companies should continue to adopt these measures,” the CSA says. “For example, users should continue implementing tight access controls to their accounts [e.g. using strong passwords and multifactor authentication (MFA)], regularly updating software and patching vulnerabilities, and educating employees on how to recognise and handle cybersecurity threats.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Channel News Asia has the story.

Uncover Technical Blind Spots and Exfiltration Risks with Free BreachSim

Data exfiltration is a critical target for cybercriminals, yet most organizations fail to detect breaches internally. Run our 100% harmless BreachSim tool on Windows 10+ workstations to safely simulate over 12 realistic data exfiltration scenarios following the MITRE ATT&CK framework, pinpoint your infrastructure’s weaknesses, and get actionable results in minutes.

Launch Your Free Breach Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.