Using Machine Learning To Customize Phishing Emails
Jason Ortiz January 22, 2021
I was recently asked about artificial intelligence (AI) and machine learning (ML) as it relates to cyber threats. One of the key areas of discussion involved the ability of ML to customize phishing emails. Keep reading for phishing email examples using machine learning and AI.
To understand the latest phishing email developments, it is important to start with the difference between AI and ML. In general, AI refers to making a computer mimic human behavior, including the ability to reason. ML is a subset of AI that describes one particular learning technique: the computer learns a task without being explicitly programmed to perform it. Typically, this is done by giving the computer a large number (millions or more) of initial data points so it can build a statistical model of “the answer.”
An example of ML would be teaching a computer to recognize a photo of a specific person by first giving it thousands of photos of said person and allowing it to build a statistical model of what that person looks like. This is essentially how facial recognition works.
Given the above, it is entirely conceivable to use ML to teach a computer how to write a phishing email. You would first feed it thousands or even millions of emails to learn from, and it would then be able to generate similar-looking emails with customized names, titles, offers, etc. This would allow attackers to automate better phishing emails and target more organizations with more specific lures in less time.
Although we use phishing emails as an example, I also anticipate attackers using ML techniques more and more to avoid detection in their target environments. We already make heavy use of ML to detect malicious activities, so it is not unrealistic to think attackers are building similar capabilities. Imagine if attackers could build tools that predict how defensive tools will respond and change their behavior as a result! Detection of malicious activities would become even more complex.
Nevertheless, this doesn’t change the enterprise security model. We already know attackers will continue to develop better and more sophisticated techniques, but they will always grab the lowest-hanging fruit first. Most organizations need to focus their enterprise security efforts on the basics before deploying any sort of advanced toolset. One of the major downfalls of security plans we see time and time again is the belief that an expensive, advanced tool is a security silver bullet. While these tools can be incredibly useful and powerful, they are only enablers: they enable better security postures, but they do not provide security on their own. The technology is only as good as the teams using and monitoring it. This is why it is important to have human defenders investigating your environment. If you do not have the resources in-house, a managed detection and response provider can be an extension of your security operations team or act as your security operations team.
Additionally, most organizations need to focus on security culture including employee cybersecurity awareness training, security of critical assets like domain controllers, incident response plans, and compliance configurations before thinking about advanced toolsets and machine learning.
Learn more about domain controller attacks and the best way to prevent them in our whitepaper The Domain Controller…An Achilles Heel.
Jason Ortiz
Senior product engineer | Pondurance
Jason is a Senior Product Engineer and has worked in cybersecurity roles for more than 10 years since graduating from Purdue University with a Bachelor of Science in computer science in 2009. At Pondurance, Jason leads our application development. Prior to joining Pondurance, Jason worked as a defense contractor in the Washington, D.C., area and was a NASA intern while attending Purdue. Jason loves the challenges brought forward by a career in cybersecurity and working to secure national infrastructure. Outside of cybersecurity, Jason considers himself a maker with a particular passion for educational technology, an amateur cartographer, and an urban enthusiast, and he is fascinated by aerospace engineering and everything related to space exploration. Jason also enjoys playing soccer and basketball as well as cheering on the Indiana Colts, Indiana Pacers, Washington Capitals, and St. Louis Blues! Jason is excited to be back in Indianapolis as part of the rising Indy tech community!