Expect Malicious Machine Learning In 2017, making social engineering more effective

Intel Security's McAfee Threat Predictions for 2017 (PDF) observes that advances in technology are essentially neutral and that developments like machine learning should be welcomed, but they will also become available to cybercriminals. Machine learning in particular is something that can be misused.

Intel Security's Eric Peterson cites CEO Fraud (The FBI calls it Business Email Compromise) – where individuals in companies are targeted through social engineering, and manipulated to fraudulently transfer money to criminal-controlled bank accounts.

There have been instances where the attacks have coincided with business travel dates for executives to increase the chances of the attack's success, Peterson says. Combine petabytes of publicly available data with open source analysis tools and it is entirely possible, the company warns, that criminals could build malicious machine learning algorithms to pick targets more precisely and with greater levels of success.

"Looking to 2017 and beyond, we might even see purveyors of data theft offering 'Target Acquisition as a Service' built on machine learning algorithms," Peterson says. "We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks in 2017."

Something to watch out for.

Fortunately, KnowBe4 is working on heading off the bad guys at the pass with our AIDA project.

Meet AIDA – your smart sidekick that trains your employees to make smarter security decisions.

AIDA stands for Artificial Intelligence Driven Agent and uses artificial intelligence to dynamically create integrated campaigns that send emails, text and voicemail to an employee, simulating a multi-vector social engineering attack. It attempts to have the employee either click on a phishing link, tap on a link in a text message, or respond to a voice mail – any of which could compromise your network. In short, AIDA uses Artificial Intelligence to inoculate your employees against social engineering.

Tired of always being in reactive mode?

AIDA is a dramatic step in the race to get ahead of the bad guys. AIDA's interface is deceptively simple. You just name the campaign and choose the group of employees. That is all. AIDA does the rest, and you will see the reports of who clicked, tapped and/or responded to a voicemail.

We feel this is an incredibly exciting development and finally allows you to get proactive!

At the time of this writing (1/2/2017) AIDA is in Beta, but limited to existing KnowBe4 customers because you need a full account to enable AIDA. The AIDA Beta has been opened up to all users of the KnowBe4 console. You can enable participation in this beta program by going into the Account Settings portion of your console, scrolling down to the Phishing settings, checking the “Enable AIDA Beta” checkbox, and saving the settings.

Warm regards,

Stu Sjouwerman
Founder and CEO, KnowBe4, Inc.