Search Site

BP announces $7bn gas project

The project aims to unlock 3 trillion cu ft of gas resources in Indonesia.

Lulu Retail Q3 profit $35m

For the nine-month period, net profit increased by 73.3%.

Talabat IPO offer price range announced

The subscription will close on 27 Nov for UAE retail investors.

Salik 9M net profit $223m

The company's third-quarter profit increased by 8.8 percent.

Avia to buy 40 Boeing aircraft

The transaction for the purchase of 737 MAX 8 jets valued at $4.9bn.

Rise of GenAI boosts phishing threats during holidays

Cybercriminals use advanced AI for convincing phishing, including BEC attacks and deepfake audio. (Pexels)
  • The sophistication of GenAI-driven phishing attacks requires robust security, including advanced DDoS protection and proactive cyber resilience strategies, says an expert.
  • Emad Fahmy of NETSCOUT recommends establishing strong passwords, exercising caution online, and extensive use of VPNs to enhance cybersecurity amid rising threats.

DUBAI, UAE — In the rapidly evolving cybersecurity landscape, the emergence of generative artificial intelligence (GenAI) has ushered in a new era of threats, especially during the holiday season.

Cybercriminals leverage advanced language models like GPT-3 to create sophisticated and convincing phishing scams, exploiting festive occasions when online activities are at their peak.

As individuals and organizations face an increasing risk of falling victim to these GenAI-driven holiday phishing attacks, the need for modern security tools becomes paramount. This article explores how cutting-edge security measures can effectively safeguard against cyber threats posed by GenAI-driven phishing scams during the holidays.

Emad Fahmy

Emad Fahmy, Systems Engineering Manager for the Middle East at NETSCOUT, sheds light on this critical intersection of technology and cybersecurity in the GCC region.

The integration of generative AI, such as ChatGPT, has empowered cybercriminals to elevate their phishing tactics to unprecedented levels of sophistication. During holidays like Christmas and Eid, when online activities surge, attackers exploit the increased digital footprint to launch targeted phishing campaigns.

These campaigns often involve AI-generated content, including business email compromise (BEC) attacks, spear-phishing messages, and even deepfake audio for impersonation. As cyber threats evolve, security tools must keep pace, offering advanced capabilities to detect and counteract these GenAI-driven scams.

Features and Approaches to Prioritize in Modern Security Tools

To effectively thwart GenAI-driven holiday phishing scams, modern security tools must possess specific features and approaches. AI-driven email security solutions are capable of identifying and neutralizing phishing attempts powered by advanced language models.

Additionally, focusing on user education, skepticism, and awareness remains crucial. As GenAI evolves, security tools must adapt and integrate advanced threat intelligence, automated solutions, and extended detection and response (XDR) technologies. This proactive approach ensures that individuals and organizations can defend against current threats and remain resilient in the face of the evolving GenAI landscape.

Overview of GenAI in Holiday Phishing Scams

Fahmy highlights the heightened risks during extended holiday weekends, such as Christmas and Eid, as cybercriminals exploit the increased online shopping activities.

The introduction of GenAI tools like ChatGPT has accelerated cyberattacks, particularly in the form of Business Email Compromise (BEC) and phishing messages.

Fahmy points out the development of specialized tools like WormGPT and FraudGPT, designed explicitly for malicious activities, enabling attackers to conduct targeted spear-phishing campaigns at scale.

“Generative AI facilitates the production of deepfake audio, introducing risks like imitating trusted voices for fraudulent transactions,” says Fahmy.

NETSCOUT’s Approach to Safeguarding Against GenAI-Powered Phishing

Fahmy emphasizes NETSCOUT’s commitment to combating cyber threats, including GenAI-powered phishing. Despite the prevalence of human error as a significant vulnerability, NETSCOUT addresses this by offering robust Distributed Denial-of-Service (DDoS) protection.

The “DDoS Threat Intelligence Report” for 2023 reveals a 31 percent year-over-year increase in DDoS activities, underscoring the need for comprehensive mitigation solutions.

NETSCOUT’s approach involves a multi-layered implementation of specialized DDoS mitigation solutions, ensuring preparedness, detection, classification, tracing, and successful mitigation of attacks.

Impact of GenAI on Phishing Scams

The integration of GenAI has significantly impacted the volume and success rates of holiday phishing scams, ushering in a new era of sophistication for cybercriminals.

In an interview with TRENDS, Fahmy mentioned: “In spear phishing, AI-generated emails prove more convincing, while vishing evolves with efficient information gathering and deepfake audio capabilities. Detecting these attacks requires deploying generative AI for email security, though cost considerations remain.”

The ability to create highly personalized spear-phishing content with improved language quality contributes to higher success rates. Cybercriminals ingeniously use carefully crafted prompts to bypass protections, making GenAI-driven phishing more challenging to detect and counter.

Comparison with Traditional Social Engineering

The techniques employed by GenAI-driven phishing differ significantly from traditional social engineering methods. GenAI eliminates errors, creates realistic messages, and accelerates campaign dissemination.

Fahmy explains that AI-generated emails are more convincing, incorporating relevant references and addressing language issues that traditionally revealed scam emails. The effectiveness and speed of GenAI-driven phishing surpass traditional methods, posing an increased challenge for individuals and organizations.

Recognizing Phishing Attempts During the Holiday Season

Recognizing a phishing attempt can be challenging for the average person, especially during the holiday season.

Fahmy provides key indicators and red flags individuals should be aware of, including skepticism towards urgent messages and checking for generic greetings, misspellings, and unfamiliar sender addresses. Avoiding clicking on suspicious links and verifying requests directly with the alleged sender through official channels can help individuals navigate the evolving landscape of phishing scams.

There is a rise in ransomware and attacks on IoT infrastructure using GenAI. (Pexels)

Proactive Measures for Cyber Resilience

In the face of evolving cyber threats, Fahmy outlines proactive measures for individuals and organizations to enhance cyber resilience during the holiday season and beyond. Strong, unique passwords, avoiding unprotected Wi-Fi, and staying vigilant against phishing attacks are essential. He recommends using a VPN for secure browsing, verifying websites before making purchases, and prioritizing app and website verification through online reviews to mitigate the risk of fraud.

Fahmy advises, “Be cautious of copycat sites that mimic familiar brands, and verify websites before making purchases. Stay vigilant against phishing attacks, including smishing and phishing via social media, by avoiding unknown senders and not clicking on links. Prioritize verifying apps and websites through online reviews to mitigate the risk of fraud.”

Foreseeing Trends in GenAI Utilization by Cybercriminals

Looking ahead, Fahmy anticipates intensifying ransomware threats and personalized attacks on IoT infrastructure by cybercriminals utilizing GenAI. Organizations must adopt automated solutions driven by threat intelligence for preventive actions. The push for cloud migration and the Internet of Things (IoT) will continue, requiring robust security technologies embedded in cloud architecture.

Fahmy concludes by highlighting the evolution of endpoint/network detection and response technologies into extended detection and response (XDR), which is crucial for future cybersecurity.