Email Security Predictions For 2023
As we look ahead to 2023, it's clear that artificial intelligence (AI) will continue to shape the cybersecurity landscape, especially when it comes to phishing. Advancements in AI technology, such as the availability of ChatGPT and similar offerings, will enable attackers to launch more sophisticated and targeted attacks. At the same time, security vendors will work to develop new detection methods to counter these threats. In this article, we'll explore seven predictions for how AI will impact cybersecurity in the coming year.
Top Predictions
Attacker Adoption of AI
Attackers will continue to use AI with adoption increasing dramatically thanks to ChatGPT and similar offerings entering the market, as well as ChatGPT augmented services and browser plug-ins. And there will be new AI-enabled phishing kits on the black market, all of which will enable attackers to:
- Write better, more convincing phishing emails (in multiple languages), but they’ll be able to use APIs to automate the creation of phishing emails, personalized/targeted emails, and polymorphic emails. The result: increased phishing volume and higher success rates.
- Use tools like ChatGPT to create code to develop more authentic-looking landing pages such as login pages for Microsoft 365, Google Workspace, or login pages for industry-specific services like real estate, legal, healthcare, and higher education. The result: higher click-through rates on fake landing pages, and exposure of valuable credentials that can be immediately used in account takeovers.
AI Detection Countermeasure Models
As #1 happens, security vendors will create new or expand upon existing capabilities to detect the use of AI-based writing, visual, and voice-based deepfake tools.
BEC and Ransomware
BEC and Ransomware attacks will continue to grow in frequency and complexity. Socially engineered BEC attacks, often without a malicious link or attachment, were already challenging for traditional secure email gateways (SEGS) to detect and stop. As attackers use AI (see above) to scale the quality and volume of their BEC attacks, more enterprises will fall victim to related financial losses. Impersonation email attacks with ransomware cargo (via links or attachments) will also see higher successes with AI-aided socially engineered content.
Phishing Attacks outside of email will become a unique category in mainstream industry security and analyst research reports
Given the exploding rate of phishing attacks outside of email, security researchers and analyst firms will begin to track and report on these attacks taking place in messaging platforms (Telegram, WhatsApp), collaboration platforms (Teams, Slack), and social media platforms (LinkedIn, Twitter).
Threat actors shift their focus on bypassing Microsoft and Google email security technologies
Phishers have mastered the art of bypassing Secure Email Gateways and will focus their attention to doing the same against native controls available with cloud email security solutions such as Office 365 and Google Workspace. Microsoft and Google will make incremental improvements in their defensive capabilities, but the use of third-party anti-phishing solutions as an additional layer of protection will continue to grow.
Hackers Get Personal
Hackers will increasingly target users’ personal email with call-to-action messages associated with social media (Account status suspended, click here to reactivate, student loan forgiveness, etc.) in the hopes that users will access personal email at work. They will then use these attacks to move laterally across the enterprise network.
FIDO Adoption
Email- and SMS-based multifactor authentication (MFA) will become much less effective as hackers leverage kits to intercept challenge responses, requiring the adoption of FIDO-based Authentication. Look for increased widespread use of FIDO U2F (Universal Second Factor) physical security keys from companies like Yubico, Thetis, and OnlyKey.
We provides a SelfLearning NexGen User-Friendly platform combining AI and HumanInsights (HI) along with providing a number of advanced detection techniques for such Impersonation attempts, Polymorphic Attacks, Phishing, Fake Login, SocialEngineering, AccountTakeover, and URLs Links detection using ComputerVision Technology, 50+ engines scanning for advance MalwareDetection BEC Anomaly Detection using Natural Language Processing and offers a multi-layered approach, all combined with our Award Winning MLearning and AI-powered IncidentResponse and Virtual SOC remediating these attacks at the Mailbox level. SRC Cyber Solutions LLP in India provides the most comprehensive Mailbox Level Protection. If you want to know more kindly Click here