UPDATED 06:00 EST / DECEMBER 19 2023

SECURITY

New report warns of a rise in AI-generated email fraud and phishing attacks

A new report released today by cybersecurity company Abnormal Security Corp. is warning of a rise in artificial intelligence-generated email attacks and the rising threat presented by cyber criminals who continue to adopt AI in their everyday use.

According to the report, the accessibility of generative AI technologies such as ChatGPT has led to their misuse in creating advanced cyberthreats. The AI tools enable attackers to craft unique and sophisticated content rapidly, making it difficult for traditional security software to detect these threats.

Attackers have started using generative AI to enhance social engineering tactics. Examples include using the ChatGPT application programming interface for realistic phishing emails and creating malicious AI platforms such as WormGPT and FraudGPT, which lack ethical guardrails.

The report discusses several instances of AI-generated attacks detected by Abnormal, such as malware delivery attempts posing as insurance companies, Netflix impersonation for credential phishing, and invoice fraud by impersonating a cosmetics brand. The attacks use sophisticated language and lack the usual signs of phishing, such as grammatical errors, making them more convincing to potential victims.

Abnormal Security Chief Information Security Officer Mike Britton, the report’s author, notes that traditional email security solutions struggle to identify these AI-generated attacks as they are text-based, originate from legitimate email services and rely heavily on social engineering. An absence of common indicators, such as typos or grammatical errors, makes it harder for humans to recognize these as attacks.

Malicious emails “land in employee inboxes where they are forced to make a decision on whether or not to engage and with AI completely eliminating the grammatical errors and typos that were historically telltale signs of an attack, humans are much more likely to fall victim than ever before,” Britton notes.

The report argues that to combat these threats, companies need to adopt AI-native cybersecurity measures, solutions that go beyond traditional methods. That includes understanding the identity and behavior of individuals within an organization, contextual communication and the content of the emails, offering a more effective defense against AI-generated attacks. “For security leaders, this is a wakeup call to prioritize cybersecurity measures to safeguard against these threats before it is too late,” Britton adds.

Image: Needpix

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU