Future Phishing Attacks Will Use Generative Machine Learning

Phishing attacks aim to steal confidential information using sophisticated methods through a series of techniques via content injection, social engineering, online social networks, and mobile applications. More than 85% of credential phishing attacks looked like legitimate common business workflows to trick end-users into engaging with the email.

Recent advances in Deep Learning have enabled improvements in generative model architectures, and some state-of-the-art models can now produce outputs realistic enough to fool humans.

Now, criminal data analysts and technicians have decided to use Generative Machine Learning (GML) models that learn the distribution of data from a sample dataset and can then generate new attack vectors. 

Until recently with a phishing attack, the victims had an advantage as criminals have had to do everything by hand. All of the text detail, from the email attempt to lure the victim takes time to create and if you watched out for them the less sophisticated attacks are easy to see.

To avoid and mitigate the risks of these attacks, several phishing detection approaches were developed, among which deep learning algorithms provided promising results. However, the results and the corresponding lessons learned are fragmented over many different studies and there is a lack of a systematic overview of the use of deep learning algorithms in phishing detection and now some criminals are using the Deep Learning language model GPT.

OpenAI's version of GPT has demonstrated that incredibly powerful Machine Learning (ML) text generation can also be designed to be quite simple for lay programmers to implement. More recently, OpenAI's Dall-E was used to demonstrate that creating a realistic fake image can be as simple as calling a function with a brief language description.

"Think about something as simple as an image of a grocery bag with a fake logo. If you wanted to get this kind of thing a few years ago, you would have needed to pay someone who knows how to do Photoshop to make the logo and create some fake image. Now this whole process has been boiled down to just one single line of English text," said Prashanth Arun, head of data science for Armorblox.

"Imagine you make a fake Candle Company, with an entire range of candles with your little logo and product descriptions that say different things, it gives you a sense that, you know, these guys have been around for a long time," said Arun.

Future phishing attacks will come with detailed web presences and will be generated with the click of a button.

The idea that GML creates security problems is not new, although one of the problems with it is that it was good at short pieces of text, but the text tended to become unstable once messages become too long.

That type of systemic problem could even be gamed by someone looking to poison data collection. If Planters gave Mr. Peanut an employee bio as chief snack officer, that could translate to a business email compromise campaign where Mr. Peanut requests invoices be paid. Nevertheless, attacks like this can be difficult to defend against and the same problems discerning facts that troubled the phishing ML to would also plague the defensive ML. 

The combination of ease of use and difficulty of defence could mean generative attacks make a substantial change in the threat landscape sooner than most defenders would be prepared for.

"For high-value targets, I think it's still going to be humans running the attacks, simply because the ROI on such scams are much higher," said Arun. "But for a lot of these spray and pray kinds of spammy stuff, I think the quality of that is going to be improved significantly."

Phish Protection:    Mahmood & Dabassi:     SC Magazine:   SC Magazine:   Research Gate

Research Gate:     CPS-VO:      Springer:    

You Might Also Read: 

A Phishing Attack That Delivers Three Forms Of Malware:

 

« Edge AI: The Future of Artificial Intelligence And Edge Computing
CISA Detects Many New Cyber Security Vulnerabilities »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ODVA

ODVA

ODVA is a global trade and standards development organization whose members comprise the world’s leading industrial automation companies.

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

AttackIQ

AttackIQ

AttackIQ delivers continuous validation of your enterprise security program so you can strengthen your security posture and your response capabilities.

CyberSheath Services International

CyberSheath Services International

CyberSheath integrates your compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and in fact might probably weaken your security posture.

DoQubiz Technology

DoQubiz Technology

DoQubiz is using the idea of security through obscurity to develop their proprietary Fractal Security Engine that implements a highly resilient data protection protocol.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

Pulsant

Pulsant

Pulsant is the UK’s premier digital edge infrastructure company providing next-generation cloud, colocation and connectivity services.

Association of Azerbaijani Cyber Security Organizations (AKTA)

Association of Azerbaijani Cyber Security Organizations (AKTA)

The Association of Azerbaijani Cyber Security Organizations (AKTA) is a non-commercial organization aimed at strengthening the country's cybersecurity system.