A recent study highlights the heightened threat posed by spam and phishing emails due to the proliferation of generative artificial intelligence (AI) tools such as Chat-GPT and the growing popularity of cloud services.
According to a fresh report from VIPRE Security Group, the surge in cloud usage has correlated with an uptick in hacker activity. In this quarter, 58% of malicious emails were found to be delivering malware through links, while the remaining 42% relied on attachments.
Furthermore, cloud storage services have emerged as a prominent method for delivering malicious spam (malspam), accounting for 67% of such delivery in the quarter, as per VIPRE's findings. The remaining 33% utilized legitimate yet manipulated websites.
The integration of generative AI tools has made it significantly harder to detect spam and phishing emails. Traditionally, grammatical errors, misspellings, or unusual formatting were red flags that tipped off potential victims to the phishing attempt, enabling them to avoid downloading attachments or clicking on links.
However, with the advent of AI tools like Chat-GPT, hackers are now able to craft well-structured, linguistically sophisticated messages that are virtually indistinguishable from benign correspondence. This necessitates victims to adopt additional precautions to thwart the threat.
In the third quarter of this year alone, VIPRE's tools identified a staggering 233.9 million malicious emails. Among these, 110 million contained malicious content, while 118 million carried malicious attachments. Moreover, 150,000 emails displayed "previously unknown behaviors," indicating that hackers are continually innovating their strategies to optimize performance.
Phishing and spam persist as favored attack methods in the arsenal of every hacker. They are cost-effective to produce and deploy, and with a stroke of luck, can reach a wide audience of potential victims. Companies are advised to educate their staff about the risks associated with phishing and to meticulously scrutinize every incoming email, regardless of the sender's apparent legitimacy.