By John P. Desmond, AI Trends Editor
AI cybersecurity tools are beginning to focus on a rising number of phishing attacks, which involve fraudulent messages aimed at getting the victim to reveal sensitive information or to unwittingly deploy malicious software.
Attackers used fears related to COVID-19 to ramp up. In the spring of 2020, Google reported blocking 100 million phishing emails a day meant for the 1.5 billion users of Gmail, according to an account from the BBC. Google reported its machine learning tools can block virtually all the attacks. Another observer, Barracuda Networks, offering security products, said it had seen a 667% increase in malicious phishing emails during the pandemic.
The pandemic accelerated a trend towards an increasing number of phishing websites, aimed at tricking the user into giving up confidential information. Phishing websites detected by Google have increased in number by 13% every year since 2015, according to a recent account in Forbes.
Phishing attacks via mobile smartphones are among the fastest-growing threat categories, according to a 2020 report from Verizon, also reported in Forbes. Over 90% of breaches started with a phishing attack, with more than 60% of those emails being viewed on mobile phones, Verizon reported.
“Mobile devices are popular with hackers because they’re designed for quick responses based on minimal contextual information,” stated Louis Columbus, principal of iQMS, part of Dassault Systemes, author of the Forbes account. “Applying machine learning to harden mobile threat defense deserves to be on any CISO’s priority list today,” he stated.
Google’s use of machine learning to thwart the skyrocketing number of phishing attacks provides insights. Microsoft also blocks billions of phishing attempts each year on Office365, by using heuristics and machine learning. Microsoft recently announced new anti-phishing protections in Microsoft 365.
Microsoft identified specific categories of phishing, including:
- Spear phishing, using focused, customized content specifically tailored to the targeted recipients (typically, after reconnaissance on the recipients by the attacker);
- Whaling, in which cybercriminals masquerade as a senior executive in an organization, a high-value target for maximum effect;
- Business email compromise (BEC), uses forged trusted senders (financial officers, customers, or trusted partners) to trick recipients into approving payments, transferring funds, or revealing customer data; and
- Ransomware, that encrypts your data and demands payment to decrypt it, almost always starts out in phishing messages. Anti-phishing protection can help detect the initial phishing messages associated with the ransomware campaign.
Machine Learning Engine Seen Capable of Defending Against Phishing
“The proliferating number of threat surfaces all businesses have to contend with today is the perfect use case for thwarting phishing attempts at scale,” stated Columbus of iQMS. “What’s needed is a machine learning engine capable of analyzing and interpreting system data in real-time to identify malicious behavior.”
The machine learning algorithm needs to factor in device detection, location, and user behavior patterns. The engine needs to have the capacity to analyze millions of data points so it is likely cloud-based. It needs to learn over time and protect every end point connected to WiFi or a network. Predictive modeling-based machine learning data needs to be captured at the device endpoint.
“CISOs and teams of security architects need to put as many impediments in front of threat actors as possible to deter them, because the threat actor only has to be successful one time, while the CISO/security architect has to be correct 100% of the time,” Columbus stated.
Phishing Attacks Increasing Dramatically in 2021
In 2021, the frequency of phishing attacks has doubled compared to 2020, according to Jelle Wieringa, Security Awareness Advocate with KnowBe4, as reported in an interview in Toolbox.
“This has imposed a huge strain on organizations. It is not just the number of attacks but also the complexity of attacks that organizations had to deal with in the recent past,” he stated.
Security awareness training helps to focus on the human element, where most social engineering hacks are aimed. The ideal way to train is to focus on each individual user, he stated. KnowBe4 has developed an AI-enabled tool that collects data related to an individual, then creates a specific training program. It takes into account multiple factors including maturity level, prior knowledge, and prior training.
“An organization can effectively defeat cybersecurity threats only if those at the top demonstrate cyber accountability,” stated Wieringa.
This may not be the case, according to a recent survey from HelpNetSecurity, which found that one in four cybersecurity leaders use the same password for both work and personal accounts, 45% connect to public Wi-Fi without using a VPN, 48% log in to social networks using their work computers, and 77% accept connection requests from unknown individuals.
The survey, conducted by Constella Intelligence, offering digital risk protection services, polled over 100 global cybersecurity leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications. The results showed 57% of respondents have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).
“More than ever before, individuals and companies alike need to ensure that a robust and secure environment is in place,” stated Kailash Ambwani, CEO of Constella. “Amidst the rise in cyber attacks to organizations, many of which are perpetrated through C-suite impersonations, employee cybersecurity awareness is now arguably as important as an organization’s security infrastructure. And as the professional and personal spheres become increasingly digitally intertwined, both leaders and employees must pay close attention to the role each one of us plays in collective cybersecurity hygiene.”
Check to See How Smart is the AI
As for the application of AI techniques to combat phishing attacks, it’s a ‘buyer beware’ scenario. “The mere fact that a company is using AI or ML in their product is not a good indicator of the product actually doing something smart,” stated Raffael Marty, SVP of Cyber Security for ConnectWise, offering IT management software, in a recent account in VentureBeat.
He does see promise in the following areas:
Use of Natural Language Processing and Natural Language Understanding to study email habits and then identify malicious activity. “We have seen some successes in topic modeling, token classification of things like account numbers, and even looking at the use of language,” he stated.
Leveraging graph analytics to map out data movement and data lineage to learn when extraction or malicious data modifications are occurring. “It’s a hard problem on many layers, from data collection to deduplication and interpretation,” Marty stated, adding that he does not know of a company or product that does this well yet.