Artificial intelligence (AI) has long served as an equalizer in cybersecurity. Hackers possess an inherent advantage in deploying cyberattacks, including when, where, how, and who to strike. But AI has enabled organizations to become proactive in preventing, detecting, and responding to email threats and other forms of cyberattacks. It’s no surprise that forecasts predict the global market for AI in cybersecurity will reach $133.8 billion by 2030.
While AI tools continue to make headlines for their promising capabilities, a more ominous reality could emerge. The same tools that afford organizations protection from cyberthreats also give hackers the ability to launch more frequent, ambitious, and sophisticated attacks. Even without considering the enhancing effects of AI, the World Economic Forum forecasts cybercrime to be among the top 10 global challenges over the next two and 10 years, joining natural disasters and extreme weather events.
In this article, we examine how hackers are using AI to deploy email threats, and the four features your AI-based cybersecurity solutions need to provide effective protection.
In Q4 2022, Vade researchers uncovered the ability for ChatGPT—the chatbot introduced by Artificial Intelligence (AI) research company OpenAI—to develop sophisticated phishing kits. By inputting a series of short commands into ChatGPT, the AI tool generated phishing templates and malicious code within seconds.
Phishing email templates produced by ChatGPT
The finding demonstrates an important and malicious use case of AI. It means that operators of phishing-as-a-service (PhaaS) businesses can weaponize AI tools to create new products with remarkable efficiency, enabling them to accelerate production, serve more clients, and scale their businesses.
Meanwhile, the enhancing effect of AI also lowers the barriers-to-entry for aspiring PhaaS founders by minimizing the need for specialized knowledge and skills, leading to more PhaaS operations, supply of phishing kits, and cybercriminals in general. And this example serves as one use case among many in which AI offers value to hackers.
The previous example may help explain why, despite email threats getting more sophisticated, phishing and malware volumes have continued to steadily increase. Confirming this trend is an analysis of phishing and malware threats detected by Vade over the past seven years. Between 2016 and 2022, Vade has detected a sharp increase in phishing volumes, with levels surpassing 1 billion emails in each of the past two years (1.2 billion in 2021 and 1.1 billion in 2022) and totals from 2020 (283 million), 2019 (310 million), 2018 (867 million), 2017 (125 million), and 2016 (58 million).
Annual phishing volumes since 2016
And the trend isn’t exclusive to phishing. Vade has also detected a steady rise in malware volumes since 2019. Malware levels have climbed from 103 million in 2019, to 150 million in 2020, 160 million in 2021, and 236 million in 2022.
Annual malware volumes since 2016
Clearly, AI can benefit hackers by increasing their efficiency in creating and deploying cyberthreats. Yet other studies reveal that hackers can use AI to identify IT security vulnerabilities, develop new evasion techniques for malware, and more.
The weaponization of AI clearly raises the bar for all organizations to maintain their security posture, especially managed service providers (MSPs) and small-to-midsized businesses (SMBs). While AI is an essential cybersecurity measure, its effectiveness depends on multiple factors that many “AI-based” cybersecurity solutions do not possess.
Organizations will need to look past these solutions to the cybersecurity products that create the conditions necessary for AI to demonstrate its full potential. Here are four factors that are necessary for AI to provide optimal protection against today’s and tomorrow’s email threats.
To protect against all types of email-borne threats, your business needs a core set of AI algorithms. This includes Machine Learning to scan the different features of email threats, links, and attachments; Computer vision to analyze email- and webpage-based images for anomalies; and Natural Language Processing (NLP) to detect the subtle grammatical and stylistic choices in text to identify potential threats used in business email compromise (BEC) attacks.
Together, these algorithms can provide multi-layered protection against all forms of phishing, malware, and spear phishing, yet their effectiveness depends on three other factors.
AI can process information at a speed and scale beyond our capabilities and catch features that bypass human detection. Still, its effectiveness depends on contributions from experts. This includes data scientists, who create the algorithms examined previously. It also includes threat analysts, who identify threats and non-threats and control the quality of data that AI learns from. Both parties determine the effectiveness of AI in cybersecurity, yet neither are typically considered when it comes to evaluating cybersecurity products.
While AI needs data scientists and threat analysts, it also needs contributions from users. Because users interact with emails daily, they are an important source of new threat intelligence. They need the ability to report suspicious interactions and potential threats for analysts to investigate and data scientists to use. In this way, users help strengthen the accuracy of AI algorithms in filtering new email threats.
AI needs data to learn. While quality is necessary, so is quantity. The larger, more representative, and more current the dataset from which AI learns, the more accurate and effective it can become.
While AI is necessary for adequate cybersecurity, it alone doesn’t guarantee protection. Four factors fuel the capabilities of AI, which organizations must consider when evaluating cybersecurity solutions.
Vade for M365 is an integrated, low-touch solution for Microsoft 365 that is powered by AI and enhanced by people. Vade for M365 provides advanced AI-powered cybersecurity that leverages Machine Learning, Computer Vision, and NLP; threat intelligence from more than 1.4 billion mailboxes globally; millions of daily user reports; and contributions from data scientists and threat analysts.