Gerasim Hovhannisyan, CEO and Co-Founder at EasyDMARC, a rapidly growing B2B SaaS to solve email security and deliverability problems.
In part because hybrid and remote workplaces are the new normal for most companies, the sophistication of cyberattacks and the risks they pose have grown rapidly over the last few years. In fact, these new work styles have opened up a whole new set of phishing methods for threat actors.
According to Cybersecurity Ventures, global cybercrime is expected to grow by 15% per year over the next five years, costing about $10.5 billion by 2025.
Cyberspace is massive. Even though hundreds of IT experts analyze threats daily, it is a daunting task. The need for new, faster and more efficient technology arises since the human capacity to respond to emerging threats is limited. One potential solution lies in the world of artificial intelligence (AI). In this article, I’ll review a few common attack methods and how AI solutions can work against cyberattacks.
Cybercriminals register thousands of lookalike domain names, disguising themselves as reputable brands or trusted personnel and tricking victims into submitting sensitive credentials or performing financial transactions. In this instance, cyber actors register a domain similar to that of the targeted company. They alter the URL name and create fake websites and email addresses by adding characters or replacing a single letter. (For instance, “1” for “l” and “0” for “o.”) They may also use a series of letters like “vv” for “w” and “rn” for “m.”
Typosquatting is another common tactic designed to trick the eye. Think of it as if someone registered “gooogle.com” instead of “google.com” or “yahooo.com” instead of “yahoo.com.”
Defending your organization from lookalike domain attacks can be difficult. With automation, machine learning and AI, brand protection solutions have evolved to offer:
• Tailored algorithms to sift through datasets and identify suspicious activity and malicious domains impersonating real companies.
• Edit-distance and image-based techniques to pinpoint lookalike domains of a real company.
• Automated triggers that deal with threats swiftly before major damage occurs.
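The character swaps and edit-distance check described above can be combined into a small screening routine. This is an added example, not code from the article or from any vendor product; the protected-brand list, the substitution table and the distance threshold are assumptions chosen for illustration.

```python
# Constructed list of domains the organization wants to protect (assumption).
PROTECTED = ["google.com", "yahoo.com", "microsoft.com", "paypal.com"]

# Substitutions named in the article; multi-character sequences are applied first.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("1", "l"), ("0", "o")]


def skeleton(domain: str) -> str:
    """Collapse visually confusable sequences to one canonical form."""
    d = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a two-row dynamic programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(candidate: str, protected=PROTECTED, max_distance: int = 1):
    """Return (verdict, impersonated_brand) for a newly observed domain."""
    cand = candidate.lower().rstrip(".")
    if cand in protected:
        return ("legitimate", cand)
    # Homoglyph check: both sides are reduced to a skeleton, so a brand that
    # itself contains "rn" or "0" still compares correctly.
    for brand in protected:
        if skeleton(cand) == skeleton(brand):
            return ("homoglyph", brand)
    # Typosquat check: one added, dropped or changed character.
    for brand in protected:
        if edit_distance(cand, brand) <= max_distance:
            return ("typosquat", brand)
    return ("unrelated", None)
```

A distance threshold of 1 keeps false positives low for short brand names; raising it widens coverage at the cost of flagging unrelated domains.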
Name spoofing is when a cybercriminal uses a fake display name to impersonate a legitimate business or individuals. Most email providers let users edit their display names, so it’s easy for hackers to trick victims into believing an email is legitimate. When emails are read on mobile phones, name spoofing can be even harder to detect.
Cybercriminals use name spoofing for crimes like account takeovers, whaling and CEO fraud. A successful name-spoofing attack can result in financial loss, reputational damage and compromised security. AI solutions can combine predictive threat intelligence, machine learning and advanced content analysis to detect name-spoofing attacks. The machine creates a baseline for regular email traffic, and any email that deviates from this baseline is considered abnormal and malicious.
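A much-reduced version of the baseline idea above: record which addresses each display name has legitimately used, then flag a message whose display name is known but whose address is not. This is an added example, not the article's or any product's implementation; the headers are constructed, and a real system would learn the baseline statistically rather than from an exact-match table.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed historic From headers standing in for "regular email traffic".
HISTORY = [
    "Jane Doe <jane.doe@example.com>",
    '"Jane Doe" <jane.doe@example.com>',
    "Accounts Payable <ap@example.com>",
]


def normalize_name(name: str) -> str:
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join(name.lower().split())


def build_baseline(headers):
    """Map each normalized display name to the addresses it has been seen with."""
    baseline = defaultdict(set)
    for header in headers:
        name, addr = parseaddr(header)
        if name and addr:
            baseline[normalize_name(name)].add(addr.lower())
    return baseline


def check_sender(header: str, baseline) -> str:
    """Compare one incoming From header against the learned baseline."""
    name, addr = parseaddr(header)
    key = normalize_name(name)
    if not key or key not in baseline:
        return "unknown-name"            # nothing to compare against
    if addr.lower() in baseline[key]:
        return "matches-baseline"
    return "display-name-mismatch"       # known name, never-seen address


BASELINE = build_baseline(HISTORY)
```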
URL phishing is a growing threat where cyber actors create a legitimate-looking website to trick their victims into submitting sensitive login credentials. Cisco’s 2021 Cybersecurity Threat Report claimed that at least one employee in around 86% of organizations clicked on a phishing link.
Different deep learning-based and machine-learning methods have been introduced to safeguard against URL phishing. One of the ways AI can detect URL phishing attacks is by using deep neural networks to find abnormal patterns in URLs. This way, AI raises the alarm and draws attention to suspicious URLs, stopping cybercriminals in their tracks.
In order to combat these cyberthreats, AI solutions can utilize machine learning and recurrent neural networks. Interconnected neurons fire together when detecting patterns in data that typically represent phishing websites. Benign and phishing URLs are collected to create a dataset and identify content-based features. Together with supervised machine learning, the probability of a website being legitimate or malicious is determined.
All companies are at risk of being attacked by cyber actors. Lookalike, name spoofing and phishing attacks can target any industry, including public administration, healthcare, pharmaceuticals, insurance, research and retail. When it comes to lookalike and name spoofing, AI solutions continuously check the domain and display names landing in the organization to find hidden patterns indicating the company may be undergoing spoofing attacks.
In the case of phishing URL detection, for example, the algorithm can be trained on millions of phishing samples. As a result, it detects phishing URLs based on thousands of features extracted from a single URL in high-dimensional space. It is hard for humans to imagine four- or five-dimensional space since the world appears three-dimensional to the human eye, but AI can look into a thousand-dimensional space and draw conclusions based on it.
Despite the benefits, implementing functional AI solutions with high accuracy is a challenge for most companies. In order to do so, companies should consider these best practices.
1. The AI model must be trained on real-world data from production. Companies should start the data collection long before the development of the AI solution.
2. Companies should monitor how the character of data changes over time. A pandemic or climate change can be a change worth tracking.
3. Companies should develop and use explainable AI techniques. Only explainable AI is capable of not only finding the phishing attacks but also explaining the reasoning behind the decision.
The cyberattack space is getting massive, and it keeps growing. Analyzing organizational threats is beyond mere human intervention. Companies need emerging technologies to support security teams. AI in cybersecurity is still new, but the capacity to learn new things, make informed decisions and improve models is unmatched, as it can analyze a vast amount of information and provide the data that security professionals need to enhance security and protect against cyberattacks.