AI-Generated Phishing Emails: A Growing Threat

The effectiveness of phishing emails created by artificial intelligence (AI) is quickly catching up to that of emails created by humans, according to disturbing new research. With AI advancing so quickly, there is concern that cyber threats may rise, and OpenAI's ChatGPT is one example.

IBM's X-Force recently conducted a comprehensive study, pitting ChatGPT against human experts in the realm of phishing attacks. The results were eye-opening, demonstrating that ChatGPT was able to craft deceptive emails that were nearly indistinguishable from those composed by humans. This marks a significant milestone in the evolution of cyber threats, as AI now poses a formidable challenge to conventional cybersecurity measures.

One of the critical findings of the study was the sheer volume of phishing emails that ChatGPT was able to generate in a short span of time. This capability greatly amplifies the potential reach and impact of such attacks, as cybercriminals can now deploy a massive wave of convincing emails with unprecedented efficiency.

Furthermore, the study highlighted the adaptability of AI-powered phishing. ChatGPT demonstrated the ability to adjust its tactics in response to recipient interactions, enabling it to refine its approach and increase its chances of success. This level of sophistication raises concerns about the evolving nature of cyber threats and the need for adaptive cybersecurity strategies.

While AI-generated phishing is on the rise, it's important to note that human social engineers still maintain an edge in certain nuanced scenarios. Human intuition, emotional intelligence, and contextual understanding remain formidable obstacles for AI to completely overcome. However, as AI continues to advance, it's crucial for cybersecurity professionals to stay vigilant and proactive in their efforts to detect and mitigate evolving threats.

Cybersecurity measures need to be reevaluated in light of the growing competition between AI-generated phishing emails and human-crafted attacks. Defenders must adjust to this new reality as the landscape changes. Staying ahead of cyber threats in this quickly evolving digital age will require combining the strengths of human experience with cutting-edge technologies.

Researchers Develop AI Cyber Defender to Tackle Cyber Actors


A recently developed deep reinforcement learning (DRL)-based artificial intelligence (AI) system can respond to attackers in a simulated environment and stop 95% of cyberattacks before they get more serious. 

The findings come from researchers at the Department of Energy's Pacific Northwest National Laboratory (PNNL), who built an abstract simulation of the digital conflict between threat actors and defenders in a network and trained four different DRL neural networks to maximize rewards based on minimizing compromises and network disruption.

The simulated attackers transitioned from the initial access and reconnaissance phase through other attack stages until they arrived at their objective, i.e., the impact and exfiltration phase. Apparently, these strategies were based on the classification of the MITRE ATT&CK framework.

Samrat Chatterjee, a data scientist who presented the team's work at the annual meeting of the Association for the Advancement of Artificial Intelligence in Washington, DC, on February 14, says that the successful installation and training of the AI system on simplified attack surfaces illustrates the defensive responses to cyberattacks that an AI model could currently carry out.

"You don't want to move into more complex architectures if you cannot even show the promise of these techniques […] We wanted to first demonstrate that we can actually train a DRL successfully and show some good testing outcomes before moving forward," says Chatterjee.

AI Emerging as a New Trend in Cybersecurity 

Machine learning (ML) and AI techniques have emerged as innovative trends in cybersecurity across a variety of fields. This development runs from the early integration of ML in email security in the early 2010s to the use of ChatGPT and the numerous AI bots that we see today to analyze code or conduct forensic analysis. The majority of security products now incorporate a few features powered by machine learning algorithms that have been trained on massive datasets.

Yet, developing an AI system that is capable of proactive protection is still more of an ideal than a realistic approach. The PNNL research suggests that an AI defender could be made possible in the future, despite the many obstacles that still need to be addressed by researchers. 

"Evaluating multiple DRL algorithms trained under diverse adversarial settings is an important step toward practical autonomous cyber defense solutions[…] Our experiments suggest that model-free DRL algorithms can be effectively trained under multistage attack profiles with different skill and persistence levels, yielding favorable defense outcomes in contested settings," according to a statement published by the PNNL researchers. 

How the System Uses MITRE ATT&CK 

The initial objective of the research team was to develop a custom simulation environment based on an open-source toolkit, OpenAI Gym. Through this environment, the researchers created attacker entities with a range of skill and persistence levels that could employ a selection of seven tactics and fifteen techniques from the MITRE ATT&CK framework.

The attacker agents' objectives are to go through the seven attack chain steps—from initial access to execution, from persistence to command and control, and from collection to impact—in the order listed. 

According to Chatterjee of PNNL, it can be challenging for the attacker to modify their strategies in response to the environment's current state and the defender's existing behavior. 

"The adversary has to navigate their way from an initial recon state all the way to some exfiltration or impact state[…] We're not trying to create a kind of model to stop an adversary before they get inside the environment — we assume that the system is already compromised," says Chatterjee. 

Not Ready for Prime Time 

In the experiments, a particular reinforcement learning technique called a Deep Q Network successfully solved the defensive problem, catching 97% of the intruders in the test data set. Yet the research is just the beginning, and security professionals should not look for an AI assistant to help them with incident response and forensics anytime soon.

One of the many issues still to be resolved is getting RL and deep neural networks to explain the factors that influenced their decisions, an area of research called explainable reinforcement learning (XRL).

Moreover, the rapid emergence of AI technology and finding the most effective tactics to train the neural network are both challenges that need to be addressed, according to Chatterjee.

Police in Hong Kong and Interpol Discover Phishing Servers and Apps

 


In a crackdown on phishing syndicates that used 563 bogus mobile applications to spy on phones throughout the world and steal information from them, police in Hong Kong have taken down a local operation of an international group of fraudsters. 

Senior Superintendent Raymond Lam Cheuk-ho of the force's cyber security and technology crime bureau told the News that officers tracked down 258 servers around the world that were connected to the apps. 

Last February, Interpol and the Department of Homeland Security (DHS) began an 11-month joint operation that was codenamed "Magic Flame." 

As a result of this attack, there has been a rise in cybercrime across the world, and some victims have lost their life savings as hackers gained access to their bank accounts and stole their personal information.

Among those apps, Lam said, were ones planted with trojans and impersonating banks, financial institutions, media players, and dating and camera apps, among others.

Cybercriminals kept switching between different servers, some in Hong Kong and others elsewhere. The reason for this was to protect the city's 192 servers from detection. 

The Post learned that the subscribers to those servers were individuals who had set up their online accounts and who lived on the Chinese mainland, in the Philippines, and in Cambodia.

The hackers send phishing SMS messages that appear to come from official sources and direct recipients to visit a link.

Upon clicking the link, the recipient downloads the fake applications to their smartphone. Hackers who exploit this are in a position to steal the personal information of their victims, including their bank account details, credit card numbers, addresses, and photos.

Servers in Hong Kong and elsewhere received such data before it was transferred to another 153 servers located in other areas of the world.

Wilson Fan Chun-yip, a superintendent at the cybercrime bureau, told the newspaper that the criminals could use the stolen data to make payments and shop online through the victims' accounts.

Hackers can access all emails, texts, and voice messages, as well as listen to audio recordings and track the location of their targets. They were able to get a glimpse of the contents of their victims' smartphones by turning on the phones and eavesdropping on their conversations.

According to the investigation, the servers contained the personal information of 519 people, mostly from Japan and South Korea, who owned cell phones that were stolen from different countries. Reports indicate that none of the victims were from Hong Kong. 

"It is believed that an offshore gang was involved in this crime. This gang took advantage of the city's internet network to carry out its illegal activities," Lam said at a press conference.

No arrests were made in the city in connection with the incident. However, the police identified some suspects and reported their information to the relevant overseas law enforcement agencies through Interpol.

After the joint operation with Interpol, Lam believed the syndicate had ceased its unlawful activities. 

There were 473 phishing attacks reported to Hong Kong police in the first ten months of last year, resulting in HK$8.9 million (US$1.1 million) in losses for the Hong Kong Police Department. An individual case resulted in a loss of HK$170,000 from a single transaction. 

According to the FBI, over the past three years, there have been 18,660 reports of cybercrime, a two-fold increase compared to 13,163 cases reported in 2021. Victims reported losses of over HK$2.65 billion due to the storm and also lost HK$1,985 million in property damage.

A sevenfold increase in technology-based crimes was observed in Hong Kong between 2011 and 2021, according to the police. 

Cybercrime reports jumped from 2,206 in 2011 to 16,159 in 2021, while the amount of money jumped 20 times to HK$3.02 billion in 2021. 

Police encourage the public to stay alert to emails and text messages and urge them not to click on any hyperlinks embedded in an email or text message, as this can lead to a suspicious website or app. They also urge the public to download apps only from official app stores and not from third-party websites.

Last September, police introduced a search engine called "Scameter" to combat online and telephone fraud. It is accessible on the CyberDefender website and may be used for free.

A user can use Scameter to check the risk of suspicious telephone calls, friend requests, job advertisements, or investment websites.