Unleashing the Power of AI in Cybersecurity: Safeguarding Against Cyber Threats
Published on: March 10, 2024
A new cybersecurity report by SlashNext has uncovered a dramatic rise in AI-driven phishing attacks, marking a significant shift in the landscape of cybercrime. Since the fourth quarter of 2022, there has been a 1,265% increase in malicious phishing emails, with a notable 967% rise in credential phishing.
The report, which synthesizes insights from SlashNext's threat intelligence and a survey of over 300 North American cybersecurity professionals, points out that cybercriminals are increasingly leveraging generative AI tools, such as ChatGPT, to craft sophisticated business email compromise (BEC) and other phishing attacks.
On an average day, approximately 31,000 phishing attacks are launched, with nearly half of the surveyed professionals reporting BEC attacks and 77% experiencing phishing attempts. Patrick Harr, CEO of SlashNext, emphasized the role of generative AI in escalating the speed, volume, and complexity of these attacks.
The correlation between the launch of ChatGPT and the surge in phishing emails was highlighted, indicating how AI chatbots have simplified the process for even novice cybercriminals, while aiding more experienced attackers in executing targeted attacks at scale.
Financially, phishing attacks have been highly lucrative, with BEC alone accounting for about $2.7 billion in losses in 2022, as per the FBI's Internet Crime Report. This profitability is driving a persistent increase in phishing and BEC attempts.
The report also sheds light on emerging threats, such as AI 'jailbreaks,' where hackers manipulate AI tools to bypass legal use guardrails. This enables attackers to transform tools like ChatGPT into mechanisms for extracting sensitive data or credentials.
Chris Steffen, Research Director at Enterprise Management Associates, emphasized the enhanced believability of phishing emails created by AI. The sophistication of these messages, which can mimic styles and include personalized details, significantly increases their credibility and effectiveness.
To combat these advanced threats, Steffen recommends continuous end-user education, implementing AI and machine learning-based email filtering tools, regular security audits, and bolstering existing security infrastructure. A zero-trust strategy is also suggested to mitigate control gaps and provide layered defenses against AI-generated email attacks.