Cybersecurity experts expect to see threat actors increasingly make use of AI tools to craft convincing, highly targeted and sophisticated social engineering attacks, according to Eric Geller at the Messenger.
“One of AI’s biggest advantages is that it can write complete and coherent English sentences,” Geller writes. “Most hackers aren’t native English speakers, so their messages often contain awkward phrasing, grammatical errors and strange punctuation. These mistakes are the most obvious giveaways that a message is a scam. With generative AI platforms like ChatGPT, hackers can easily produce messages in perfect English, devoid of the basic mistakes that Americans are increasingly trained to spot.”
In addition to assisting in social engineering attacks, AI can be abused to write malware or help plan cyberattacks.
“Programs like ChatGPT can already generate speeches designed to sound like they were written by William Shakespeare, Donald Trump and other famous figures whose verbal and written idiosyncrasies are widely documented. With enough sample material, like press statements or social media posts, an AI program can learn to mimic a corporate executive or politician — or their child or spouse. AI could even help hackers plan their attacks by analyzing organizational charts and recommending the best targets — the employees who serve as crucial gatekeepers of information but might not be senior enough to constantly be on guard for scams.”
It’s still too early to foresee all the ways in which AI can be used for malicious purposes, but organizations should anticipate evolving social engineering tactics in the coming years.
“It’s hard to predict the exact consequences of the AI revolution for phishing campaigns,” Geller concludes. “Cybercriminals are unlikely to use AI’s advanced analytical features for run-of-the-mill scams. But sophisticated criminal gangs might lean on some of those tools for major ransomware attacks, and government-backed hacking teams will almost certainly adopt these capabilities for important intelligence-gathering missions against well-defended targets....And the easier it becomes to use AI for cyberattacks, the more likely it is that innovative attackers will come up with previously unimagined uses for the technology.”
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
The Messenger has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
