Here is a summary of a GenAI Cybersecurity memo from the perspective of a CISO at Highgate Cyber Security:

Memorandum

To: Highgate Cyber Security Leadership Team
From: S Alexander, CISO team
Date: November 9, 2024
Re: Key Insights from SlashNext Phishing Report 2023 – Increasing GenAI Cybersecurity threats

The newly released SlashNext Phishing Report highlights several concerning GenAI related cybersecurity trends that I believe warrant our attention as leaders of Highgate Cyber Security.

The rapid proliferation of generative AI technologies like ChatGPT is dramatically empowering threat actors.

Since ChatGPT’s launch, SlashNext has observed a 1265% increase in phishing emails. This exponential growth is driven by cybercriminals leveraging AI chatbots to craft highly convincing and tailored BEC attacks at scale. We must stay ahead of this GenAI Cybersecurity advancing danger curve by further developing our own AI capabilities.

Equally troubling is the continued rise in mobile and multi-channel threats.

Mobile phishing now accounts for nearly 40% of attacks, with most involving malicious links sent via SMS. Attackers are also executing sophisticated multi-stage campaigns spanning email, mobile, and collaboration platforms. This highlights the need for us to provide protection across all communication channels especially as GenAI powered cybersecurity attack ware is growing exponentially.

The report estimates that BEC attacks now comprise a staggering 68% of phishing threats.

I recommend we redouble our efforts to help customers detect and prevent the diverse forms of business email compromise. We should particularly focus on thwarting payroll diversion schemes, invoice fraud, and executive impersonation tactics.

Overall, it is clear that the threat landscape is evolving at an unprecedented pace.

As leaders in cybersecurity, Highgate must continuously adapt our strategies, technologies, and services to meet these challenges. I propose we convene a meeting to discuss concrete ways Highgate can address the key threats outlined in SlashNext’s report. Our customers are counting on us to keep them secure amidst the rising generative AI storm. I look forward to discussing next steps.

The post GenAI CyberSecurity Threats are Getting Worse first appeared on .

Why is Phishing such a big problem?

Anti-phishing is critical to an organization’s cybersecurity posture. This is because today’s email attacks routinely bypass security controls such as secure email gateways, Microsoft 365 security, and Google Workspace security. All phishing attacks have the potential to result in financial loss, data breaches, identity theft, reputational damage, and operational disruptions.

Phishing is often the initial entry point for ransomware attacks. Attackers send malicious emails with attachments or links that, when clicked, download ransomware onto the victim’s system. Notable ransomware incidents include the WannaCry attack in 2017 and the NotPetya attack in the same year, both of which caused widespread disruption and financial losses.

HighGate Cyber Security deploys the leading anti-phishing platforms

HighGate Cyber Security works with the leading anti-phishing platforms which can be provided as a fully deployed service, or via an automated deployment to protect your organization from cybercriminals posing as trusted contacts. This helps you provide comprehensive protection against Ransomware, Business Email Compromise (BEC), Account Takeover (ATO) and other advanced threats.

Common types of phishing attacks include:

Email phishing:

This is the most common form of phishing attack. Attackers send deceptive emails that appear to come from a legitimate source such as a bank, social media platform, or trusted organization. The email often contains a malicious link or attachment, which, when clicked, leads to a fake website or installs malware on the victim’s device.

Spear phishing:

Spear phishing attacks are highly targeted and personalized. Attackers gather information about a specific individual or organization to make their phishing attempts more convincing. They may use details such as the person’s name, job title, or recent activities to craft a tailored message.

Whaling:

Whaling attacks target high-profile individuals such as executives or senior officials. The phishing emails are designed to appear as urgent or important messages from someone in authority, tricking the victim into taking immediate action or revealing sensitive information.

Smishing:

Smishing, short for “SMS phishing,” involves phishing attacks through text messages. The victim receives a text message that appears to be from a reputable source, such as a bank, requesting sensitive information or urging them to click on a link.

Vishing:

Vishing, or “voice phishing,” involves attackers impersonating a trusted entity over the phone. They may pose as bank representatives, tech support personnel, or government officials, attempting to extract sensitive information or convince the victim to take certain actions.

Anti-phishing Summary

In summary, anti-phishing comprises measures and techniques implemented to protect individuals and organizations from falling victim to phishing attacks. Attackers are constantly creating new methods of impersonating legitimate entities, such as banks, social media platforms, or email providers, to deceive unsuspecting your users into revealing sensitive information such as login credentials, credit card numbers, or personal details.

Stop them with the help of HighGate Cyber Security.

What percentage of emails are phishing?

Phishing email statistics suggest that nearly 1.2% of all emails sent are malicious, which in numbers translated to 3.4 billion phishing emails daily. Extortion of over 33 million records is expected to occur by 2023 with a ransomware or phishing attack occurring every 11 seconds.Apr 4, 2023. Source: Astra Security

In some such attacks the phishing emails contain malicious attachments, such as infected files or executable programs. When the victim opens the attachment, malware is installed on their device, allowing attackers to gain unauthorized access or control.

Another type of phishing using emails includes clone phishing where the attacker creates a replica of a legitimate email, often by copying the content and design, and sending it to the victim. The cloned email typically contains a malicious link or attachment, exploiting the victim’s trust in the original source.

The post Anti-phishing is critical to cybersecurity first appeared on .