on-line exposure
THE EVIL EYE
THE VAST AMOUNTS OF PERSONAL DETAILS NOW FREELY AVAILABLE ON SOCIAL PLATFORMS - BACKED UP BY AI TOOLS - IS GIVING CYBERCRIMINALS LEVELS OF ACCESS AND CONTROL THAT NOT LONG AGO WOULD HAVE BEEN THOUGHT UNIMAGINABLE
James Dyer, Egress: threat actors are now rubbing their hands with glee.
New research warns that, in 2024, QR code hacks or 'quishing' will increase; use of AI to create content for spam emails including deepfakes will rise; highly personalised social media mining will grow further; and a wide array of file types and formats - especially EML - will be used to propagate phishing and malware attacks. Such is the warning from James Dyer, threat intelligence lead at Egress. How can we guard against such attacks?
"As we share our lives on the internet, threat actors are rubbing their hands with glee," he says. "Concerns continue to grow about the volume of personal details readily available on social platforms, as well as how cybercriminals can use generative AI tools to exploit this data. Cybergangs have increasingly turned to open-source intelligence (OSINT) for cyber surveillance, using social media sources to deep dive [with very little time and cost] into an individual's job role, social connections and personal interests, with the intention of creating hyper-personalised phishing emails that persuade recipients to reveal sensitive information or transfer funds."
Unequivocally, AI tools and chatbots have sped up the process between reconnaissance and attack, he adds. "Threat actors have been able to automate the analysis of data collected through OSINT and social media to quickly tailor phishing emails with convincing personalisation. Our recent research reinforces the concerns cybersecurity teams have, as 61% of cybersecurity leaders are losing sleep over AI chatbots being used to create phishing campaigns, plus 63% are specifically concerned about deepfakes."
To safeguard data, a clear first step is to conduct a self-assessment through basic OSINT techniques. "Search your name, usernames and images online to gauge the extent of your digital footprint," advises Dyer. "Depending on your findings, consider adjusting your social media privacy settings to limit attackers' access to personal information. With the growing threat of deepfakes, it is also good to be cautious about sharing videos online to prevent potential exploitation of your voice.
"When taking practical steps to minimise possible attack routes, it is sensible to reduce the number of email newsletters you sign up for and make sure unused social media accounts are deactivated. Ultimately, attackers can't use your data if there is less of it readily available to steal."
ON THE DEFENCE
John Scott, lead cyber security researcher at CultureAI, is in agreement that the rise of generative AI, deepfakes and QR phishing has undeniably diversified and evolved the threat landscape. "While the volume and sophistication of the attacks may increase, the underlying principles of these attacks remain unchanged. This means that defensive strategies can also equally stay largely the same. While it sometimes may feel like we are under siege, it's important to remember that this is the new normal.
"The immense benefits the internet provides are not without cost. As new technologies appear, cybercriminals will seek to exploit them for their benefit. We are now all navigating a complex world where caution and vigilance are essential. As technical defences strengthen and are switched on by default, cybercriminals attack by exploiting our sense of urgency, pushing people for
computing security May/June 2024 @CSMagAndAwards www.computingsecurity.co.uk