Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label phishing threats. Show all posts

UK Cybersecurity Agency Issues Warning: AI to Enhance Authenticity of Scam Emails

 

The UK's cybersecurity agency has issued a warning that artificial intelligence (AI) advancements may make it challenging to distinguish between genuine and fraudulent emails, particularly those prompting users to reset passwords. The National Cyber Security Centre (NCSC), affiliated with the GCHQ spy agency, highlighted the increasing sophistication of AI tools, such as generative AI, which can create convincing text, voice, and images based on simple prompts.

According to the NCSC's assessment of AI's impact on cyber threats, it anticipates a significant rise in cyber-attacks over the next two years. Generative AI, coupled with large language models like those powering chatbots, is expected to complicate the identification of various attack types, including phishing, spoofing, and social engineering.

The agency emphasized that by 2025, assessing the legitimacy of emails or password reset requests would become challenging for individuals, regardless of their cybersecurity expertise. Ransomware attacks, which have affected institutions like the British Library and Royal Mail, are also projected to increase. The NCSC pointed out that AI's sophistication lowers the entry barrier for amateur cybercriminals, enabling them to paralyze computer systems, extract sensitive data, and demand cryptocurrency ransoms.

Generative AI tools are already being used to create more convincing approaches to potential victims by crafting fake "lure documents" without typical errors associated with phishing attacks. While generative AI won't enhance ransomware code effectiveness, it will assist in identifying potential targets.

In 2022, the UK reported 706 ransomware incidents, compared to 694 in 2021, according to the Information Commissioner's Office. The NCSC warned that state actors likely possess enough malware to train AI models capable of creating new code that can evade security measures.

The report acknowledged AI's dual role, stating that it can also serve as a defensive tool by detecting attacks and designing more secure systems. In response to the rising threat of ransomware, the UK government introduced new guidelines, the "Cyber Governance Code of Practice," urging businesses to prioritize information security alongside financial and legal management.

Despite these measures, cybersecurity experts, including Ciaran Martin, the former head of the NCSC, have called for stronger actions. Martin emphasized the need for a fundamental shift in approaching ransomware threats, suggesting stronger rules on ransom payments and abandoning unrealistic notions of retaliatory measures.

Rising Email Security Threats: Here’s All You Need to Know

 

A recent study highlights the heightened threat posed by spam and phishing emails due to the proliferation of generative artificial intelligence (AI) tools such as Chat-GPT and the growing popularity of cloud services.

According to a fresh report from VIPRE Security Group, the surge in cloud usage has correlated with an uptick in hacker activity. In this quarter, 58% of malicious emails were found to be delivering malware through links, while the remaining 42% relied on attachments.

Furthermore, cloud storage services have emerged as a prominent method for delivering malicious spam (malspam), accounting for 67% of such delivery in the quarter, as per VIPRE's findings. The remaining 33% utilized legitimate yet manipulated websites.

The integration of generative AI tools has made it significantly harder to detect spam and phishing emails. Traditionally, grammatical errors, misspellings, or unusual formatting were red flags that tipped off potential victims to the phishing attempt, enabling them to avoid downloading attachments or clicking on links.

However, with the advent of AI tools like Chat-GPT, hackers are now able to craft well-structured, linguistically sophisticated messages that are virtually indistinguishable from benign correspondence. This necessitates victims to adopt additional precautions to thwart the threat.

In the third quarter of this year alone, VIPRE's tools identified a staggering 233.9 million malicious emails. Among these, 110 million contained malicious content, while 118 million carried malicious attachments. Moreover, 150,000 emails displayed "previously unknown behaviors," indicating that hackers are continually innovating their strategies to optimize performance.

Phishing and spam persist as favored attack methods in the arsenal of every hacker. They are cost-effective to produce and deploy, and with a stroke of luck, can reach a wide audience of potential victims. Companies are advised to educate their staff about the risks associated with phishing and to meticulously scrutinize every incoming email, regardless of the sender's apparent legitimacy.