A new report released today by cybersecurity company Abnormal Security Corp. is warning of a rise in artificial intelligence-generated email attacks and the rising threat presented by cyber criminals who continue to adopt AI in their everyday use.

According to the report, the accessibility of generative AI technologies such as ChatGPT has led to their misuse in creating advanced cyberthreats. The AI tools enable attackers to craft unique and sophisticated content rapidly, making it difficult for traditional security software to detect these threats.

Attackers have started using generative AI to enhance social engineering tactics. Examples include using the ChatGPT application programming interface for realistic phishing emails and creating malicious AI platforms such as WormGPT and FraudGPT, which lack ethical guardrails.

The report discusses several instances of AI-generated attacks detected by Abnormal, such as malware delivery attempts posing as insurance companies, Netflix impersonation for credential phishing, and invoice fraud by impersonating a cosmetics brand. The attacks use sophisticated language and lack the usual signs of phishing, such as grammatical errors, making them more convincing to potential victims.

Abnormal Security Chief Information Security Officer Mike Britton, the report’s author, notes that traditional email security solutions struggle to identify these AI-generated attacks as they are text-based, originate from legitimate email services and rely heavily on social engineering. An absence of common indicators, such as typos or grammatical errors, makes it harder for humans to recognize these as attacks.

Malicious emails “land in employee inboxes where they are forced to make a decision on whether or not to engage and with AI completely eliminating the grammatical errors and typos that were historically telltale signs of an attack, humans are much more likely to fall victim than ever before,” Britton notes.

The report argues that to combat these threats, companies need to adopt AI-native cybersecurity measures, solutions that go beyond traditional methods. That includes understanding the identity and behavior of individuals within an organization, contextual communication and the content of the emails, offering a more effective defense against AI-generated attacks. “For security leaders, this is a wakeup call to prioritize cybersecurity measures to safeguard against these threats before it is too late,” Britton adds.

Image: Needpix