Flipping the BEC funnel: Phishing in the age of GenAI

For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait.
Common among these new techniques was a shift towards a more balanced approach to phishing, one emphasizing both quantity and quality.
This shift gave rise to the advanced phishing techniques we know all too well today, like spear-phishing and business email compromise.
Unlike the phishing tactics of yesteryear, these techniques make use of much more carefully crafted, convincing messaging tailored to deceive specific individuals, groups, or organizations.
This shift in phishing philosophies has also led to a precipitous decline in the use of malicious payloads in phishing emails - presumably to avoid detection from the more capable email security solutions of today.
It appears this inherent constraint on scale is now a thing of the past, with the emergence of generative AI effectively flipping the funnel on phishing speed and scale.
Interestingly, researchers have been aware of GenAI's potential for supercharging phishing campaigns since 2021, with some even publishing research demonstrating the ability of OpenAI's ChatGPT to generate significantly more sophisticated and effective phishing emails in a fraction of the time.
Now, over a year since GenAI tools entered the mainstream, they've managed to completely upend the traditional trade-off between quality and quantity that once held phishing content creation in check.
The security community has witnessed the emergence of GenAI tools explicitly designed for nefarious purposes, such as FraudGPT and WormGPT. These tools empower threat actors by automating the development of highly personalized spear-phishing and BEC attacks that are not only grammatically correct, but also capable of adapting the text to various languages, contexts, and communication styles.
Such customization potential could enable bad actors to automate even more aspects of the phishing process, even while operating within the tool's prescribed safeguards.
A significant majority of organizations appear ill-prepared to counter these emerging phishing threats.
Our analysis found over 8 million phishing attempts successfully evaded native defenses in 2022 alone.
It's becoming increasingly apparent that the only reliable way to combat this rising tide of advanced phishing threats is to fight fire with fire - that is, to leverage AI and machine learning-enabled email security solutions as defensive measures against this rapidly changing, increasingly challenging threat landscape.
Employees play a critical role in scrutinizing flagged emails, engaging with email chatbots for context, and contributing their insights to catch highly sophisticated emails that might circumvent security.
In addition to deploying the right AI security tools, every CISO should prioritize security awareness training and phishing simulation testing.
As phishing tactics evolve, employees may become their company's last line of defense against novel attacks.
To build broader employee knowledge of trending phishing tactics, it's crucial to develop and implement ongoing training and testing programs.
As a first step, companies should use phishing simulation testing to establish a performance baseline for each employee.
The landscape of phishing attacks has evolved significantly in recent years, with threat actors employing more advanced techniques that target specific individuals, groups, or organizations at a scale and level of sophistication that many legacy email solutions cannot protect against.
By staying informed and prepared, organizations can significantly reduce their vulnerability to these advanced phishing techniques and protect their valuable assets from cybercriminals.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 15 Jan 2024 06:13:04 +0000

