Security experts air concerns over hackers using AI and machine learning for phishing attacks

Security experts share views on risk of artificial intelligence being re-purposed by hackers for phishing attacks

The next 12 to18 months will see an acceleration in the adoption of machine learning by hackers in an attempt to carry out increasingly sophisticated phishing attacks, it is claimed.

Anup Ghosh, chief strategist for next-generation endpoint at Sophos, made the prediction during a panel session at the NetEvent’s Press and Analyst Summit on 28 September, where he outlined the potential for machine learning to help craft compelling content for phishing campaigns.

“You can use machine learning to craft really good campaigns, whether it’s for Twitter, Facebook or email, to get humans to click on links. The evidence is out there that machine learning is far better at crafting emails and tweets that get humans to click on these,” he said.

In order for enterprises and security suppliers to remain on the front foot with hackers, they will also need to incorporate machine learning and artificial intelligence (AI) into their cyber security strategies, creating what Ghosh terms an “AI on AI” situation.

“Security companies that fight these bad guys will also have to adopt machine learning. Now you have an AI on AI scenario, and it will propel us forward to adopt machine learning for real time,” he said.

Where the technology comes into its own for enterprises is in the detection of cyber threats, he said. “The volume of data that’s available on certain types of threats like malware is effectively infinite,” he added.

Continue reading…