As we look ahead to 2023, it's clear that artificial intelligence (AI) will continue to shape the cybersecurity landscape, especially when it comes to phishing. Advancements in AI technology, such as the availability of ChatGPT and similar offerings, will enable attackers to launch more sophisticated and targeted attacks. At the same time, security vendors will work to develop new detection methods to counter these threats. In this article, we'll explore seven predictions for how AI will impact cybersecurity in the coming year.

Top Predictions

Attacker Adoption of AI

Attackers will continue to use AI with adoption increasing dramatically thanks to ChatGPT and similar offerings entering the market, as well as ChatGPT augmented services and browser plug-ins. And there will be new AI-enabled phishing kits on the black market, all of which will enable attackers to:

1. Write better, more convincing phishing emails (in multiple languages), but they’ll be able to use APIs to automate the creation of phishing emails, personalized/targeted emails, and polymorphic emails. The result: increased phishing volume and higher success rates.
2. Use tools like ChatGPT to create code to develop more authentic-looking landing pages such as login pages for Microsoft 365, Google Workspace, or login pages for industry-specific services like real estate, legal, healthcare, and higher education. The result: higher click-through rates on fake landing pages, and exposure of valuable credentials that can be immediately used in account takeovers.

AI Detection Countermeasure Models

As #1 happens, security vendors will create new or expand upon existing capabilities to detect the use of AI-based writing, visual, and voice-based deepfake tools.

BEC and Ransomware

BEC and Ransomware attacks will continue to grow in frequency and complexity. Socially engineered BEC attacks, often without a malicious link or attachment, were already challenging for traditional secure email gateways (SEGS) to detect and stop. As attackers use AI (see above) to scale the quality and volume of their BEC attacks, more enterprises will fall victim to related financial losses. Impersonation email attacks with ransomware cargo (via links or attachments) will also see higher successes with AI-aided socially engineered content.

Phishing Attacks outside of email will become a unique category in mainstream industry security and analyst research reports

Given the exploding rate of phishing attacks outside of email, security researchers and analyst firms will begin to track and report on these attacks taking place in messaging platforms (Telegram, WhatsApp), collaboration platforms (Teams, Slack), and social media platforms (LinkedIn, Twitter).

Threat actors shift their focus on bypassing Microsoft and Google email security technologies

Phishers have mastered the art of bypassing Secure Email Gateways and will focus their attention to doing the same against native controls available with cloud email security solutions such as Office 365 and Google Workspace.  Microsoft and Google will make incremental improvements in their defensive capabilities, but the use of third-party anti-phishing solutions as an additional layer of protection will continue to grow.

Hackers Get Personal

Hackers will increasingly target users’ personal email with call-to-action messages associated with social media (Account status suspended, click here to reactivate, student loan forgiveness, etc.) in the hopes that users will access personal email at work. They will then use these attacks to move laterally across the enterprise network.

FIDO Adoption

Email- and SMS-based multifactor authentication (MFA) will become much less effective as hackers leverage kits to intercept challenge responses, requiring the adoption of FIDO-based Authentication. Look for increased widespread use of FIDO U2F (Universal Second Factor) physical security keys from companies like Yubico, Thetis, and OnlyKey.