CSLATEST

on-line exposure
THE EVIL EYE
THE VAST AMOUNTS OF PERSONAL
DETAILS NOW FREELY AVAILABLE
ON SOCIAL PLATFORMS - BACKED
UP BY AI TOOLS - IS GIVING
CYBERCRIMINALS LEVELS OF
ACCESS AND CONTROL THAT NOT
LONG AGO WOULD HAVE BEEN
THOUGHT UNIMAGINABLE
James Dyer, Egress: threat actors are now
rubbing their hands with glee.
New research warns that, in 2024, QR
code hacks or 'quishing' will increase;
use of AI to create content for spam
emails including deepfakes will rise; highly
personalised social media mining will grow
further; and a wide array of file types and
formats - especially EML - will be used to
propagate phishing and malware attacks.
Such is the warning from James Dyer, threat
intelligence lead at Egress. How can we guard
against such attacks?
"As we share our lives on the internet, threat
actors are rubbing their hands with glee," he
says. "Concerns continue to grow about the
volume of personal details readily available on
social platforms, as well as how cybercriminals
can use generative AI tools to exploit this
data. Cybergangs have increasingly turned to
open-source intelligence (OSINT) for cyber
surveillance, using social media sources to
deep dive [with very little time and cost] into
an individual's job role, social connections and
personal interests, with the intention of
creating hyper-personalised phishing emails
that persuade recipients to reveal sensitive
information or transfer funds."
Unequivocally, AI tools and chatbots have
sped up the process between reconnaissance
and attack, he adds. "Threat actors have
been able to automate the analysis of data
collected through OSINT and social media to
quickly tailor phishing emails with convincing
personalisation. Our recent research reinforces
the concerns cybersecurity teams have,
as 61% of cybersecurity leaders are losing
sleep over AI chatbots being used to create
phishing campaigns, plus 63% are specifically
concerned about deepfakes."
To safeguard data, a clear first step is to
conduct a self-assessment through basic
OSINT techniques. "Search your
name, usernames and images
online to gauge the extent of your
digital footprint," advise Dyer.
"Depending on your findings, consider
adjusting your social media privacy
settings to limit attackers' access to personal
information. With the growing threat of
deepfakes, it is also good to be cautious
about sharing videos online to prevent
potential exploitation of your voice.
"When taking practical steps to minimise
possible attack routes, it is sensible to reduce
the number of email newsletters you sign
up for and make sure unused social media
accounts are deactivated. Ultimately, attackers
can't use your data if there is less of it readily
available to steal."
ON THE DEFENCE
John Scott, lead cyber security researcher at
CultureAI, is in agreement that the rise of
generative AI, deepfakes and QR phishing
has undeniably diversified and evolved the
threat landscape. "While the volume and
sophistication of the attacks may increase,
the underlying principles of these attacks
remain unchanged. This means that defensive
strategies can also equally stay largely the
same. While it sometimes may feel like we are
under siege, it's important to remember that
this is the new normal.
"The immense benefits the internet provides
are not without cost. As new technologies
appear, cybercriminals will seek to exploit
them for their benefit. We are now all
navigating a complex world where caution
and vigilance are essential. As technical
defences strengthen and are switched on by
default, cybercriminals attack by exploiting
our sense of urgency, pushing people for
14
computing security May/June 2024 @CSMagAndAwards www.computingsecurity.co.uk