Future Phishing Attacks Will Use Generative Machine Learning

Phishing attacks aim to steal confidential information using sophisticated methods through a series of techniques via content injection, social engineering, online social networks, and mobile applications. More than 85% of credential phishing attacks looked like legitimate common business workflows to trick end-users into engaging with the email.

Recent advances in Deep Learning have enabled improvements in generative model architectures, and some state-of-the-art models can now produce outputs realistic enough to fool humans.

Now, criminal data analysts and technicians have decided to use Generative Machine Learning (GML) models that learn the distribution of data from a sample dataset and can then generate new attack vectors. 

Until recently with a phishing attack, the victims had an advantage as criminals have had to do everything by hand. All of the text detail, from the email attempt to lure the victim takes time to create and if you watched out for them the less sophisticated attacks are easy to see.

To avoid and mitigate the risks of these attacks, several phishing detection approaches were developed, among which deep learning algorithms provided promising results. However, the results and the corresponding lessons learned are fragmented over many different studies and there is a lack of a systematic overview of the use of deep learning algorithms in phishing detection and now some criminals are using the Deep Learning language model GPT.

OpenAI's version of GPT has demonstrated that incredibly powerful Machine Learning (ML) text generation can also be designed to be quite simple for lay programmers to implement. More recently, OpenAI's Dall-E was used to demonstrate that creating a realistic fake image can be as simple as calling a function with a brief language description.

"Think about something as simple as an image of a grocery bag with a fake logo. If you wanted to get this kind of thing a few years ago, you would have needed to pay someone who knows how to do Photoshop to make the logo and create some fake image. Now this whole process has been boiled down to just one single line of English text," said Prashanth Arun, head of data science for Armorblox.

"Imagine you make a fake Candle Company, with an entire range of candles with your little logo and product descriptions that say different things, it gives you a sense that, you know, these guys have been around for a long time," said Arun.

Future phishing attacks will come with detailed web presences and will be generated with the click of a button.

The idea that GML creates security problems is not new, although one of the problems with it is that it was good at short pieces of text, but the text tended to become unstable once messages become too long.

That type of systemic problem could even be gamed by someone looking to poison data collection. If Planters gave Mr. Peanut an employee bio as chief snack officer, that could translate to a business email compromise campaign where Mr. Peanut requests invoices be paid. Nevertheless, attacks like this can be difficult to defend against and the same problems discerning facts that troubled the phishing ML to would also plague the defensive ML. 

The combination of ease of use and difficulty of defence could mean generative attacks make a substantial change in the threat landscape sooner than most defenders would be prepared for.

"For high-value targets, I think it's still going to be humans running the attacks, simply because the ROI on such scams are much higher," said Arun. "But for a lot of these spray and pray kinds of spammy stuff, I think the quality of that is going to be improved significantly."

Phish Protection:    Mahmood & Dabassi:     SC Magazine:   SC Magazine:   Research Gate

Research Gate:     CPS-VO:      Springer:    

You Might Also Read: 

A Phishing Attack That Delivers Three Forms Of Malware:

 

« Edge AI: The Future of Artificial Intelligence And Edge Computing
CISA Detects Many New Cyber Security Vulnerabilities »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Varonis

Varonis

Varonis provide a security software platform to let organizations track, visualize, analyze and protect their unstructured data.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

Romanian Association for Information Security Assurance (RAISA)

Romanian Association for Information Security Assurance (RAISA)

RAISA promotes and supports information security activities and creates a community for the exchange of knowledge between specialists, academic and corporate environment in Romania.

Tenfold Software

Tenfold Software

Tenfold is the unique, centralized platform for managing user and permissions efficiently and automatically.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo is the UK’s largest cloud and cyber security event.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

BAE Systems

BAE Systems

BAE Systems develop, engineer, manufacture, and support products and systems to deliver military capability, protect national security, and keep critical information and infrastructure secure.

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.

Doherty Associates

Doherty Associates

Drawing on our deep industry knowledge and business insight, Doherty deliver intelligent IT solutions and services that help people work more securely, more productively and more creatively.

XBOW

XBOW

XBOW brings AI to offensive security, augmenting the work of bug hunters and security researchers.

OmniIndex

OmniIndex

OmniIndex PostgresBC is the only commercial solution allowing you to keep your most sensitive and critical data encrypted while analyzing it. Structured and unstructured.