GenAI Can Save Phishers Two Days of Work

Generative AI tools can save phishing actors 16 hours of work designing a scam email, but still can't match a human knack for crafting more convincing missives, according to new IBM research. Social engineering expert Stephanie Carruthers revealed details of a new research project today, in which her team sought to understand whether generative AI models have the same deceptive powers as the human mind. "With only five simple prompts we were able to trick a generative AI model to develop highly convincing phishing emails in just 5 minutes - the same time it takes me to brew a cup of coffee," she explained. "It generally takes my team about 16 hours to build a phishing email, that's without factoring in the infrastructure set-up. So, attackers can potentially save nearly two days of work by using generative AI models." Among the prompts were: the top areas of concern for employees working in specific industries; social engineering and marketing techniques that should be used; and the people/company that should be impersonated. "I have nearly a decade of social engineering experience, crafted hundreds of phishing emails, and I even found the AI-generated phishing emails to be fairly persuasive," said Carruthers. "In fact, there were three organizations who originally agreed to participate in this research project, and two backed out completely after reviewing both phishing emails because they expected a high success rate." The IBM X-Force Red social engineering team were marginally more successful in their efforts, which tapped "Creativity and a dash of psychology" to resonate more deeply with their targets and add an air of authenticity that Carruthers claimed is hard for AI to replicate. A round of A/B testing revealed the click rate for the human-generated phishing email was slightly higher than that of the AI-generated email. It was also reported less frequently than the AI version. AI is likely to become an increasingly disruptive force in the phishing industry going forward, especially when used in malicious tools like WormGPT. "Humans may have narrowly won this match, but AI is constantly improving. As technology advances, we can only expect AI to become more sophisticated and potentially even outperform humans one day," Carruthers concluded.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to GenAI Can Save Phishers Two Days of Work

Aim Security Raises $10M to Secure Generative AI Enterprise Adoption - PRESS RELEASE. TEL AVIV, Israel-(BUSINESS WIRE)-Aim Security, an Israeli cybersecurity startup offering enterprises a holistic, one-stop shop GenAI security platform, today announced $10 million in seed funding. Aim Security was founded by ...
8 months ago Darkreading.com
Flow Security Launches GenAI DLP - PRESS RELEASE. TEL AVIV, Israel, Nov. 30, 2023 /PRNewswire/ - Flow Security, the pioneering Data Security Lifecycle Platform, announced today its extension to GenAI Security with the launch of a new GenAI DLP module. This move makes Flow Security the ...
10 months ago Darkreading.com
GenAI Regulation: Why It Isn't One Size Fits All - With President Biden calling on Congress to pass bipartisan data privacy legislation to accelerate the development and use of privacy-centric techniques for the data that is training AI, it's important to remember that excessive regulation can stifle ...
6 months ago Cybersecurity-insiders.com
AI Market Research: The Pivotal Role of Generative AI in Cyber Security - What researchers are learning about GenAI and cyber security. Pair AI with cyber security and the possibilities are staggering. For many security professionals, it's a foregone conclusion that incorporating intelligence into cyber security will ...
4 months ago Blog.checkpoint.com
Akto Launches Proactive GenAI Security Testing Solution - With the increasing reliance on GenAI models and Language Learning Models like ChatGPT, the need for robust security measures have become paramount. Akto, a leading API Security company, is proud to announce the launch of its revolutionary GenAI ...
7 months ago Darkreading.com
CVE-2024-26626 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
Cisco Motific reduces GenAI security, trust, and compliance risks - Cisco announced Motific, Cisco's SaaS product that allows for trustworthy GenAI deployments in organizations. Born from Outshift, Cisco's incubation business, Motific provides a central view across the entire GenAI journey, empowering central IT and ...
7 months ago Helpnetsecurity.com
Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Rapid GenAI adoption is the top-ranked issue for the next two years for legal, compliance and privacy leaders, according to Gartner. 70% of respondents reported rapid GenAI adoption as a top concern for them. Gartner experts have identified four key ...
9 months ago Helpnetsecurity.com
11 GenAI cybersecurity surveys you should read - Generative AI stands at the forefront of technological innovation, reshaping industries and unlocking new possibilities across various domains. As the integration of these technologies continues, a vigilant approach to ethical considerations and ...
9 months ago Helpnetsecurity.com
CISOs Reconsider Their Roles in Response to GenAI Integration - Chief information security officers face mounting pressure as cyberattacks surge and complexities surrounding the implementation of GenAI and AI technologies emerge. The vast majority - 92% - of the 500 CISOs surveyed by Trellix admitted they are ...
4 months ago Securityboulevard.com
Securing Remote Work: A Guide for Businesses - This article aims to provide businesses with a comprehensive guide to securing remote work, covering the essential components of remote work security policies and exploring best practices for ensuring secure communication. By implementing these ...
8 months ago Securityzap.com
Cybersecurity in the Age of Remote Work - The shift towards remote work has brought numerous benefits, but it has also exposed organizations to new cybersecurity risks. We will uncover key insights and best practices to ensure the safety of operations in the age of remote work. In ...
7 months ago Securityzap.com
Businesses gain upper hand with GenAI integration - Firms that actively harness generative AI to enhance experiences, offerings, and productivity will realize outsized growth and will outpace their competition, according to Forrester. Between July and September 2023, the number of enterprises that are ...
10 months ago Helpnetsecurity.com
GenAI Can Save Phishers Two Days of Work - Generative AI tools can save phishing actors 16 hours of work designing a scam email, but still can't match a human knack for crafting more convincing missives, according to new IBM research. Social engineering expert Stephanie Carruthers revealed ...
10 months ago Infosecurity-magazine.com
15% of office workers use unsanctioned GenAI tools - Help Net Security - Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti. When employees have unfettered access to ...
3 days ago Helpnetsecurity.com
CIOs shape long-term success with GenAI expertise - Today's CIOs have evolved from managing IT infrastructure and ensuring systems' efficiency to becoming key business strategists, according to IDC. They stand at the intersection of technology and business, leveraging innovations to shape ...
9 months ago Helpnetsecurity.com
Cybersecurity for Remote Work: Securing Virtual Environments and Endpoints - Remote work surged in popularity out of necessity during the COVID-19 pandemic but seems to be here to stay, thanks to its unique advantages. With the rise in remote work also comes an increase in cybersecurity challenges spurned by the circumstances ...
9 months ago Cybersecurity-insiders.com
What is Security Service Edge? - The contemporary work landscape is swiftly transitioning into a hybrid model, encompassing remote and office-based work for employees. This transformation introduces novel challenges in ensuring security across many work locations with diverse ...
9 months ago Cybersecuritynews.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
4 months ago Hackread.com
Forget Deepfakes or Phishing: Prompt Injection is GenAI's Biggest Problem - Cybersecurity professionals and technology innovators need to be thinking less about the threats from GenAI and more about the threats to GenAI from attackers who know how to pick apart the design weaknesses and flaws in these systems. Chief among ...
8 months ago Darkreading.com
GenAI development should follow secure-by-design principles - Given how dangerous the gold rush was and how long it took to incorporate safety measures, the time is now for organizations using GenAI to follow secure-by-design principles and follow CISA's example. Beyond writing faux movie scripts and passing ...
8 months ago Techtarget.com
Vade Releases 2023 Phishers' Favorites Report - PRESS RELEASE. SAN FRANCISCO, Feb. 15, 2024 /PRNewswire/ - Vade, a global leader in threat detection and response with more than 1.4 billion mailboxes protected, today announced its annual Phishers' Favorites report for 2023. Phishers' Favorites ...
7 months ago Darkreading.com
Preventing PII Leakage through Text Generation AI Systems - Do an online search for ways to bypass text generation AI security filters, and you will find page after page of real examples and recommendations on how one can trick them into giving you information that was supposed to be blocked. This remains ...
9 months ago Securityboulevard.com
Cybersecurity trends: IBM's predictions for 2024 - As organizations begin planning their security strategies for 2024, now is the time to look back on the year before and extrapolate what the future may hold. The impact of the many new uses for GenAI rippled the cybersecurity world and was a top ...
8 months ago Securityintelligence.com
The Power and Limitations of AI in Cybersecurity - Today's chief information security officers face new cybersecurity challenges because of the increasing use of artificial intelligence, particularly generative AI. This is not a surprise given the growing use of GenAI in the workplace, with fully ...
8 months ago Feeds.fortinet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)