Spotting business email compromise (BEC), phishing, or spearphishing attacks has just become a lot more difficult. Cybercriminals are now leveraging AI (Artificial Intelligence) such as ChatGPT to generate sophisticated, human-like text based on the input it receives. They then use AI technology to create exceptionally convincing fake emails personalized to the recipient.
Bad actors have even created their own form of ChatGPT designed specifically for cybercrime activities. One such known module, WormGPT, advertises itself as a “black hat alternative” to ChatGPT in cybercriminal forums. According to a recent report by SlashNext, WormGPT could execute not only a persuasive tone, but was “strategically cunning”. “It’s like ChatGPT, but has no ethical boundaries or limitations,” the report said, noting the development of these nefarious tools underscores the threat posed by even novice cybercriminals.
The rise of AI technology is creating additional complexities and challenges for cybersecurity measures highlighting the importance of utilizing more robust defense mechanisms against evolving threats. Below are our suggestions on what you can do now to help protect your business against AI generated cyberattacks.
Enhanced Email Verification Measures:
Implement stringent email verification systems, such those included in Microsoft Business Premium. Microsoft Business Premium’s Advanced Threat Protection (ATP) notifies users of possible phishing attempts, scans attachments and links included in emails, has enhanced anti-spam protections, and quarantines suspect emails.
Multi-factor authentication (MFA) prevents compromised passwords from turning into an incident by adding an additional layer of credential verification beyond just a username and password. MFA requires the user to verify the login with a passcode or confirming a prompt received on the user’s mobile device.
Endpoint Detection and Response (EDR):
Traditional anti-virus protection looks for known threats and must constantly be updated by researchers to stay ahead of emerging threats. Endpoint Detection and Response goes a step further by monitoring behavior of applications and downloads, which means it can identify threats in real-time. EDRs can then act without human intervention to secure the environment.
End User Training:
No matter how secure your system is, it only takes one employee to click on a link in a phishing email to let a malicious individual gain access to an organization’s network. As high as 70% of all breaches are the result of a social engineering attack. Incorporating a proven security awareness training program into an organization is critical to maximize the effect of any tools put in place, and to empower employees to make safe choices.
The emergence of AI has provided cybercriminals with powerful tools to launch their attacks. As AI technology develops, we’ll see even more sophisticated, efficient, and prolific cyberattacks. Protecting your business against these threats means deploying robust, multi-faceted cybersecurity defense mechanisms to keep your data and your business safe.
On Line Support’s cybersecurity team combines their expertise with today’s best tools to keep your data and business safe. Learn more