An in-depth look at the role of AI in today's email threats

How are cybercriminals leveraging AI to bypass IT security?

Email is still the primary risk surface for threat actors, and phishing is the number one means of attack. Email is the doorway into our systems and data. Cybercriminals are using generative AI (GenAI) to create targeted phishing campaigns using social engineering to make attacks more specific to the individual targeted. GenAI makes phishing much easier to scale and removes the language barrier for criminals targeting businesses all over the world.

Top ways criminals are using AI

Phishing (including QR code phishing)
Malware generation
Deepfakes
Content localization
Access and credential theft

AI-generated attacks tend to come with better evasion, unlike phishing emails in the past. Some of the tactics they’re employing include impersonating parties that the victims have already had previous transactions with. This allows them to act like they’re continuing the conversation to catch them off-guard. GenAI can help attackers profile their victims before initiating their attack, allowing them to personalize their phishing attempts.

How can we detect and protect against these novel AI-powered threats?

We need to deploy AI to fight AI, as basic gateway protection is no longer sufficient. The earlier in the attack chain that AI can be used in detecting the threat, the better. If we can identify suspicious or anomalous behavior before a breach occurs, we better our chances of preventing threat actors from stealing data, locking out systems, and submitting a ransom.

What steps is Barracuda taking to help MSPs detect AI threats earlier?

A lot of technologies out there are aimed at the enterprise level. They’re often not multi-tenanted, making them unsuitable for managed service providers (MSPs).

Barracuda has a lot of experience in the field of cybersecurity, and today’s attacks are much more complex. It is often touching multiple attack vectors. Therefore, to help MSPs, they need to take a depth-of-field approach to cybersecurity and cover a wide range of disciplines for maximum efficacy. It all can look like a lot to manage for an MSP, which is why partnering up with a security operations center (SOC) gives you the extra resources and a quicker resolution time when managing incidents and alerts.

Questions about AI-powered security

Here are some top questions that were addressed in the webinar:

Q: How does AI effectively prevent unauthorized access?

A: AI can start getting to work, actively looking for suspicious behavior, before a breach occurs. It can also take actions to quarantine, respond, and remediate, given the workflow protocols that we set. Furthermore, the AI can identify areas to focus on for user training. In partnership with the SOC, trends that you might find affecting one of your client sites can fuel the intelligence across all of your sites.

Q: How can AI-driven email security reduce alert noise and limit false positives?

A: It’s a fine balance between being transparent and reducing the amount of traffic that comes the MSP’s way. The idea is that by using machine learning and fine-tuning it through the SOC, the number of false positives should be reduced. Which, in turn, should reduce the alert fatigue for the MSP, while improving the efficacy of the product.

Q: Privacy: How can we ensure AI and machine learning technology keep customer data private?

The technology must be able to demonstrate that their AI uses aggregated data, and does not have access to individual’s emails, to protect their privacy. The data modeling must be compliant with general data protection regulation (GDPR) or other regional regulations if you’re operating outside the UK.

Watch the on-demand webinar to learn how, as an MSP, you can leverage AI-powered technologies to combat the ever-evolving threat landscape.

Note: This was originally published at Tubblog

Photo: Jirsak / Shutterstock

Categories

Tags

Archives

An in-depth look at the role of AI in today’s email threats