Cybercrime steals an estimated $600 billion from the global economy every year. In the next several years we can expect that number to reach well into the trillions.
Phishing and spear phishing open most cybercrime attacks. At this point it’s as old as cybercrime itself. So of course it evolves. And like just about everything technological, artificial intelligence will play a greater role in that evolution, as well in the defenses against it.
Already, attackers and defenders have started to arm themselves with ever-more sophisticated approaches.
The first generation of tomorrow’s phishing attacks are in play today.
The First Wave
In these early days of AI-enabled phishing, attackers are using the new technology to more efficiently perform standard phishing tasks, like impersonation and monitoring. Think instead of a standard business email compromise attack, AI chatbots that trick users into clicking malicious links, or using AI to monitor executives’ behavior for more precise, effective, automated spearphishing.
What’s the difference between phishing and spearphishing?
Quick refresher: Spearphishing is phishing’s more targeted version.
A business phishing attack may target every employee or a subset of them. Spearphishing targets one specific individual and usually one with power, the CFO or Director of Operations for instance. Then threat actors leverage social engineering in order to perform a better con. They gather information about the individual and his/her business by following social profiles and discovering anything else they can online.
So at first contact AI-enabled spearphishing has the capacity for greater success if only because of the sheer volume of data and content that AI can search and compile into a convincing mimicry of the truth.
To belabor the metaphor a bit, AI-enabled spearphising is akin to GPS-enabled hunting with a state-of-art, no recoil, band-powered spear gun.
Machine Learning
Machine learning though goes beyond simple automation or even-deep dive research and algorithms. So AI enables not just the ability to scale at a rate beyond human capability, but fundamentally changes the architecture of attacks. Because metal makes different decisions than people it’s better equipped to avoid predictable tactics.
With this kind of paradigm shift, one particular countermeasure works quite well.
Fighting Fire with Fire: Whitehat AI to the Rescue
While it certainly presents myriad new challenges and novel phishing tactics, AI will also help businesses and cybersecurity pros combat phishing attacks. And no doubt some intrepid programmer is developing software for the individual user right now. What might these defenses look like?
Here’s a glimpse.
Simulation in Whitehat AI
TLS Certificates and their calm-inducing green locks help put users’ minds at ease. As the convention goes, if the green lock appears, a site’s encryption shields users from malicious attacks. Like anything that induces trust online, this means TLS certificates make for a big target. Phishers impersonate site certificates and do so evermore convincingly.
With the aid of classification models, neural networks can detect phishing and AI chatbots can waste hackers’ time so that they abandon their efforts and move on to easier targets.
With voice phishing on the rise in South Korea, its watchdog financial agency, in partnership with SK Telecom, plans to develop AI to prevent such attacks. Add to this impersonation detection algorithms like the ones FICO employs and you begin to get an idea of how cybersecurity has the means to stay in step with each jump in AI capabilities.
In fact, you’ve probably already benefited from profiling model technology that flags certain transactions as suspicious. Activities out of alignment with the profile are defined as “suspicious” and AI most likely had a hand in creating current profiles.
The Next Wave
Not quite revolutionary, right? How about repelling attacks before they launch? Under development with the Defense Advance Research Projects Agency and BAE, a prototype Cyber Hunting at Scale (CHASE) plans to offer proactive patrolling. CHASE’s design leverages computer automation, sophisticated algorithms and ultrafast processing speed (at least right now) to track huge volumes of data, and in real time. This allows it to leapfrog human’s abilities. But the program won’t cut people out of its cybersecurity strategy. Instead the program should provide human cyber hunters to access all that information. They’ll use that info to find attacks hidden within mountains of incoming data.
This kind of collaborative model may work best gambit in overcoming AI-enabled phishing attacks, at least for now. No doubt we exist in a watershed moment between today’s technology and tomorrow’s more advanced technoculture.
It’s quite possible the whole notion of phishing will be quaint and antiquated. This is particularly true if we continue to cede control to what were once tools and increasingly are both architect and worker in the modern world. Cue the ominous music, but while it plays don’t forget to stay abreast of the opportunities to work with AI to combat those who would use it as a weapon.