Cybersecurity is a top priority for businesses, large and small. A breach of any size can do irreparable harm to a company's reputation and its bottom line. In this interview, we explore strategies for building a resilient cybersecurity framework. We sit down with Andrew Hollister of LogRhythm to discuss how AI chatbots are contributing to the new wave of sophisticated cybercrime and, more importantly, what can be done to prevent it. We discuss the role of AI in detecting threats and how businesses can advance security within their organizations.
LogRhythm is a security information and event management (SIEM) solutions specialist. It provides log management, network and endpoint monitoring, and analytics to help firms detect, respond to, and mitigate cybersecurity dangers. Its platform aims to give organizations the knowledge and insight to identify and handle these threats.
Andrew: Generative AI is becoming faster and more accurate and this is transforming the ways that threat actors are deploying phishing attacks. What began decades ago as “pray and spray” email blasts designed to trick recipients into visiting malicious sites or giving up credentials has grown into a worldwide industry, and this is only accelerating with the rise in AI technologies. The evolution of AI is enabling threat actors to now engage with targets in more sophisticated ways to manipulate the conversation. Attackers can show generative AI tools a multitude of legitimate emails, then request it to create original phishing emails based on those examples. Natural language processing (NLP) allows the AI to create believable written content. This is changing the game when it comes to creating realistic phishing attacks.
Andrew: Generative AI is employed to refine the tricks fraudsters have relied on in phishing scams of the past. We are seeing threat actors leveraging AI to write content that uses specific phrasing to create a sense of urgency. Generative AI can easily create content that provokes an emotional response with the goal of manipulating recipients into following a set of instructions. Even though this is a tactic already used in phishing attacks, using generative AI takes this to the next level with very little effort required from threat actors. Generative AI can correct imperfect spelling and grammar, both of which are commonly associated as signs of a phishing attempt. To take this one step further, it can mimic communication patterns with the intent to extort information from their chosen target. They can write text for specific audiences, for example, in a corporate tone, in line with spear phishing attacks.
Andrew: With AI-based phishing attacks on the rise, organizations need to be aware of their biggest areas of weakness. Conducting regular phishing attack simulations is an important exercise for organizations to carry out, and those who fail to do so are missing out on an essential education opportunity. Through this activity, they can assess how well their users perform in identifying phishing attacks, and provide additional targeted training to help users operate more safely. Whilst many solutions for email filtering are available today, none are perfect, and the user will continue to be an important factor in defending the organization. Many organizations now operate hybrid working models yet lack a Bring Your Own Device (BYOD) policy. This means that if an employee’s device is compromised, attackers can gain access to sensitive data not only on that device but across the organization’s entire network. A lack of regular patching on employees’ devices can also leave organizations in a vulnerable position. Employees that fail to remove unused applications and plug-ins from their devices are also opening up opportunities for threat actors, giving them more angles to exploit.
Andrew: The use of generative AI is rewriting the rules when it comes to spotting phishing attacks. Many people associate phishing emails with poorly worded English and clunky phrases. The rise of generative AI has turned this on its head, with content distributed by attackers now sounding much more natural and genuine. This has the potential to trick people who are looking for the usual tell-tale signs of a phishing attempt. To add to this new challenge, AI powers rapid, intelligent responses to messages from its targets. It allows threat actors to respond in real time with deep-faked voice clips taken from real voice recordings. All of these factors contribute to the growing challenge organizations are facing when it comes to identifying and detecting AI-powered phishing attacks.
Andrew: The most important line of defense against all phishing attacks remains the same – the user. It is vital that organizations streamline the education and reporting process of phishing attempts. This means all users must be aware of cybersecurity best practices and how to spot and remain vigilant to malicious activity. Users should always question urgent calls for action and verify the origin of the email. Beyond staying up to date with the latest warning signs associated with AI-generated phishing attacks, organizations should closely follow their information security program and ensure they have effective tools in place to analyze and mitigate these attacks. Sixty percent of organizations who experienced a ransomware attack did not have a security information and event management (SIEM) platform in place. Whilst the threats and threat actors change over time, doing the basics continues to offer a solid basis of risk reduction, and organizations should not be distracted from implementing the processes and technologies to deliver on that basic security defensive posture, which of course includes SIEM, as well as other technologies such as multi-factor authentication (MFA) and endpoint detection and response (EDR).
Andrew: Generative AI will only continue to evolve and become more sophisticated. The hard truth is that there is no silver bullet for keeping your organization safe against attacks. Cybersecurity is an ongoing journey, not a destination. Keeping on top of evolving phishing threats requires the continuous evolution of defenses, and organizations must be prepared to invest an ongoing amount of time and money to remain secure. With this in mind, organizations must do more than just implement a solution. They must focus on achieving long-term cyber resilience where the basics are the staple of their security foundation. It is imperative that organizations stay informed on the latest phishing tactics and maintain a culture of security awareness across their entire organization. They should also be prioritizing essential measures such as security hygiene, patching, and backups. This then creates a strong posture that they can build on with the appropriate threat detection tools.