One Article Review
| Source |  knowbe4 |
|---|---|
| Identifiant | 8322503 |
| Date de publication | 2023-03-28 13:00:00 (vue: 2023-03-28 13:06:26) |
| Titre | Cyberheistnews Vol 13 # 13 [Oeil Overner] Comment déjouer les attaques de phishing basées sur l'IA sournoises [CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks] |
| Texte |
CyberheistNews Vol 13 #13 | March 28th, 2023
[Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks
Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO.
"A leader tasked with cybersecurity can get ahead of the game by understanding where we are in the story of machine learning (ML) as a hacking tool," Tyson writes. "At present, the most important area of relevance around AI for cybersecurity is content generation.
"This is where machine learning is making its greatest strides and it dovetails nicely for hackers with vectors such as phishing and malicious chatbots. The capacity to craft compelling, well-formed text is in the hands of anyone with access to ChatGPT, and that\'s basically anyone with an internet connection."
Tyson quotes Conal Gallagher, CIO and CISO at Flexera, as saying that since attackers can now write grammatically correct phishing emails, users will need to pay attention to the circumstances of the emails.
"Looking for bad grammar and incorrect spelling is a thing of the past - even pre-ChatGPT phishing emails have been getting more sophisticated," Gallagher said. "We must ask: \'Is the email expected? Is the from address legit? Is the email enticing you to click on a link?\' Security awareness training still has a place to play here."
Tyson explains that technical defenses have become very effective, so attackers focus on targeting humans to bypass these measures.
"Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. "This is where we can install a tripwire in our mindsets: we should be hyper aware of what it is we are acting upon when we act upon it.
"Not until an employee sends a reply, runs an attachment, or fills in a form is sensitive information at risk. The first ring of defense in our mentality should be: \'Is the content I\'m looking at legit, not just based on its internal aspects, but given the entire context?\' The second ring of defense in our mentality then has to be, \'Wait! I\'m being asked to do something here.\'"
New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture.
Remember: Culture eats strategy for breakfast and is always top-down.
Blog post with links:https://blog.knowbe4.com/identifying-ai-enabled-phishing
|
| Envoyé | Oui |
| Condensat | #13 #13 000+ 100 1452 150 1519 1564 1616 18th 2019 2020 2021 2022 2023 28th 2:00 63100 637 96332de4 :https://blog :https://krebsonsecurity :https://www :https://youtu about about: absolutely access accomplished according account act acting action active activity actor actors actual actually adapt added adding addition additionally address advanced affiliate after again against agency:https://therecord aggressively ahead akamai alert all allows along although always amazing ammo anatomist angle angles another answer antarctica anti any anymore anyone anything anytime anywhere app appear appears approach april architect are area aren around article ask ask: asked asking asks aspects athletes:https://www attachment attack attacker attackers attacks attacks: attacks:https://www attempt attempts attention authentication authentication: author authority autorun avanan average avoid award aware awareness awarness awesome baby back bad bait bank barrier based basic basically battleship be/4nr1agifaji be/mgr3h6ktntc be: bec because become been before before:https://www begin being benchmarking benefits best better between big biggest bird:https://www blips blog bloghttps://blog bomb bonus book boot boredpanda boss botanist breaches/chatgpt breaches/nonprofit breachforums break:https://youtu breakfast budget builds built bunnies bureau business businesses but button bypass campaign can capabilities capable capacity capsules captivating car:https://www carry cartographer case cases cat caught cause celebrities celebrity center century ceoknowbe4 certain certainly challenging chance:https://www change changes changing chango charge chatbots chatgpt check check: checks chief chn choosing cio circumstances ciso claim claiming claims clear click clicked clicking client close cockatoo code codes com/2023/03/21/qr com/2023/03/feds com/analysis/risk com/articles/chatgpt com/attacks com/blog/security/defeating com/blog/the com/comprehensive com/cyber com/cyberheistnews com/en/blog/silicon com/hacking com/identifying com/knowbe4 com/old com/operations/research com/resources/rp com/sites/forbestechcouncil/2023/03/21/why com/the com/users com/watch com/wcc/r/4145100/57c034348c5523e4f556f1190504feec com/when com/women combo come comes company compare compared compelling complaint complicated comprehensive compromise compromised compromises computers conal concentrate concise conducting confident connection consider content context continually continued contrary controls convincing corporate correct correctly course court courts cover coverage coverages covering covers craft creating crime critical csn cso culture customers cyber cybercrime cyberheist cyberheistnews cybersecurity danger darkreading data date/time: day ddos debuts decades december defeating defender defenders defense defenses demand demo depth designed desktop details developing device devices did differences directly director directory discusses dmarc does doesn doing domains don dos doubled doubling dovetails down drive driven due easily easy eats ecuador ecuadorian educate educated educating effective efficiently either elements elephant elevator eliminating email emails emphasis employ employee employees enabled enabler enabler:https://www enables encounter encourage end engage engagements engaging engineer engineering enisa enormous enough ensure enterprise entertaining enticing entire entirely entirety entry envelope equation essence etc european evangelist even evolving exactly excellent executive expected experience experienced experimenting explains explosive exponential expose exposed expression extortion extracting extreme extremely eye face fact failure faith falling falls:https://www familiar family family:https://www fascinating fast fave fbi feature features federal feds female fills filters finance financial find finding firewall firmware first flash flexera flight flixxy focus follow following forbes forensic form formed fraud fraudulent free freedom fresh from fuchs fueled fun fundamental future futuristic gallagher game gap gear/ gear:https://www general |
| Tags | Ransomware Malware Hack Tool Threat Guideline |
| Stories | ChatGPT ChatGPT |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.