We are seeing a shift in the cybersecurity sector as attackers continue to refine their techniques and create innovative new ways to target businesses and individuals.
The emergence of AI tools can be a force for good, of course, but in the wrong hands they can create new risks. In a recent survey of 1,500 IT specialists, Blackberry found that 71% of respondents believe that foreign states are likely to be using ChatGPT already for malicious purposes against other nations, for example.
Just recently, we saw evidence of a new generative AI cybercrime tool called WormGPT being advertised on underground forums as a way to launch sophisticated phishing and business email compromise (BEC) attacks. Such tools in the hands of experts is a concern, but AI has the potential to lower the ‘skill floor’ for cyber criminals. This means that even relatively amateur attackers could start to use this technology to create malware. What’s clear is that you don’t need to be an expert anymore.
Rise in browser-based threats
With these developments, and with the growing frequency and sophistication of web browser threats, the industry needs to keep up to enable them to fight fire with fire. However, it seems
many legacy security vendors are fighting the battle with network security and endpoint products that are no longer fit for purpose.
By leveraging the web browser as the attack vector, threat actors are effectively rendering a decade or more of security investments redundant. Secure web gateways, firewalls, endpoint security and other solutions are all unable to observe and therefore respond to what’s happening in the browser.
Those traditional tools that many businesses continue to rely on simply aren’t equipped to combat new advanced browser-based threats – and threat actors know this.
It’s a trend we have seen evolving over time. A 2022 survey of IT decision makers in the US and UK showed that more than half of enterprises encounter advanced web threats at least once a month. More worrying is that 45% of organisations also admit they had failed to add any capabilities to their security stacks over the same period of time.
Evolving AI powered technologies
We just cannot afford to stand still as an industry. Just as threat tools and techniques have evolved, so too have the technologies available to combat them – and they must be embraced.
Here at Menlo Security, we have recently developed new technology capable of detecting and blocking phishing and ransomware attacks before they can infiltrate the corporate network, using AI-powered techniques to accurately determine in real time if a link being accessed is a phishing site designed to steal a user’s credentials.
With the technology, we can also perform continual analysis of web traffic, applying AI/ML-powered classifiers that identify the presence of highly evasive attacks. We can deliver timely, actionable alerts for security teams to help them reduce the time to detect and respond to any threats targeting users.
It’s an important step forward. But as an industry, we must keep evolving the technology. The question is whether we can continue to stay one step ahead?
By Brett Raybould, EMEA Solutions Architect, Menlo Security
Author details:
Brett Raybould is EMEA Solutions Architect at Menlo Security, a leader in browser security. In this role, he is responsible for technical sales, product demonstrations, installations, solution proposals and evaluations. Brett joined Menlo Security in 2016 and discovered how Isolation technology provides a new approach to solving the problems that detection-based systems continue to struggle with. Passionate about security, Brett has worked for over 15 years for some of the leading vendors specialising in the detection of inbound threats across web and email, and data loss prevention (DLP) including FireEye and Websense.
