With the rise of generative AI usage across industries, no one should be surprised this trend also applies to the cybercriminal industry. They, too, are integrating AI into their workflows to ultimately increase productivity.

This new technological integration into cyber criminals’ and other threat actors’ operations have many IT security professionals left wondering:

• In what specific ways are threat actors leveraging generative AI to enhance their malicious operations?
• What are the implications of these AI-enhanced cyber threats for my organization’s security strategy?
• What specific measures and technologies can my organization implement to effectively combat AI-powered cyber threats, particularly in the realm of phishing and social engineering?

Before we address those questions: what is generative AI and what are its uses?

Generative AI: Text, Images, Code, …

Generative AI is an artificial intelligence technology trained to create new data in a variety of forms, such as text, images, code, music, videos, and more. Fundamentally, this technology requires a prompt as input (e.g., “Write a Python script to do …”) and outputs a form of data (e.g., text; lines of code) that responds to the prompt’s request.

Examples of generative AI tools you might have used or heard of are:

Technology Name	Form of Output Data
Bard	Text
ChatGPT	Text
DALL-E	Image
Midjourney	Image

Legitimate organizations are utilizing these and other generative AI tools to conduct research, develop and refine software code, assist in troubleshooting and problem-solving, craft compelling marketing copy, generate inspiration for various projects, derive insights from data analysis, and much more.

Are these uses any different than how threat actors are using generative AI?

Threats and AI: Faster, More Effective Attacks

AI usage by cyber criminals and threat actors is, at the core, no different than by legitimate businesses: to make operations more efficient and effective.

Ways threat actors are utilizing AI include: creating more convincing phishing content, developing more deceptive deepfakes, mass producing misinformation, and automating attacks. With AI, threat actors are:

• Producing phishing content that is grammatically correct, more convincing, and better evades spam filters and other detections;
• Personalizing scam messages or sending spearphishing emails by first using AI to analyze a target’s online behavior;
• Creating voice clones of a trusted person (e.g., the target’s manager’s voice, if samples of it can be found online) and using the deepfake audio to perform a vishing attack;
• Spinning up credential-stealing websites that are difficult for a victim to distinguish from legitimate sites;
• Automating their operations to perform the above at scale.

In other words, cyber criminals are using AI tools to create more convincing attacks – and doing it in less time. This poses concern around new, or zero-day, attacks.

Combating Zero-Day Phishing

To help protect against social engineering attacks, most enterprises subscribe to phishing feeds; but this solution protects only against known phishing sites. With AI, attackers are able to spin up new phishing and other social engineering websites faster and with more convincing content. These websites, that are not yet known to anti-phishing tools and phishing feeds, are sometimes referred to as “zero-day phishing sites”. 

Protecting your organization’s assets against the increased likelihood of zero-day phishing attacks are best mitigated using tools and technologies that offer a high level of visibility, a depth of maturity in detecting both known and emerging threats, and a means to integrate into an employee’s workspace. Such technology serves a dual purpose: it acts as a line of defense by identifying and neutralizing potential threats, and it also functions as an educational platform. 

By providing users with real-time insights of detected threats, this technology becomes an invaluable tool in educating employees. This immediate and contextual learning empowers them to recognize and respond to phishing attempts that might slip through defenses or are delivered through communication channels not protected by adequate defenses (Think: home computers, personal devices, voice call communications, etc.). This approach blends technological vigilance with human discernment, ultimately fortifying an organization’s overall cybersecurity posture.

Keep Aware: Combating New Phishing Sites

In addressing the challenge of zero-day phishing, Keep Aware offers a comprehensive solution with three key features:

1. Integration into the Browser for Enhanced Visibility:
   Keep Aware’s security solution is seamlessly integrated into web browsers, where employees spend an estimated 90% of their time. This integration is central to its effectiveness since it allows for a deep level of visibility into browser-based activities. By embedding directly into browsers that organizations already use, Keep Aware ensures a non-disruptive and frictionless addition to existing workflows. This integration is also crucial for detecting and preventing threats in real-time.

2. Continuous Research into Browser-Related and Social Engineering Threats:
   Keep Aware places a strong emphasis on understanding and mitigating threats that specifically target individuals through their internet browsing activities. Keep Aware’s approach involves analyzing how information is presented to users and how they interact with it. This human-centric perspective is fundamental in preempting threats at the point-of-click, such as phishing, social engineering, and malicious extensions. The company’s product encompasses features like web content analysis, extension audit and blocking, and a full browser detection and response system – all aimed at addressing the unique risks posed by browser-based activities.

3. Real-Time Feedback to Employees on Potential Phishing Sites:
   Keep Aware’s solution empowers employees to make informed decisions and actively participate in security practices. By offering real-time threat identification and prevention, the solution not only acts as a defense mechanism but also serves as an educational tool for employees. This immediate, contextual feedback helps in building a resilient organizational security culture, where employees are better equipped to recognize and respond to phishing attempts and other browser-based threats.

In essence, Keep Aware’s approach to tackling zero-day phishing is rooted in its integration with the browser, continuous research into evolving threats, and its focus on empowering employees with real-time, actionable insights. This combination of technological innovation and human-centric strategies positions Keep Aware as a robust solution in the protection against known and emerging browser-based threats.

Come see what we’ve built at Keep Aware and learn how security teams are implementing this critical line of defense to protect against new phishing threats.