Rising Wave of AI-Powered Phishing Threats Predicted for 2024
As technology continues to advance, the new year brings both excitement and concerns over cybersecurity. Cybersecurity experts are predicting a rising wave of artificial intelligence (AI)-powered phishing threats in 2024, particularly due to the wider availability of powerful tools. These threats have the potential to cause significant harm to individuals and businesses, as social engineering and phishing tactics become more sophisticated.
Andrew Shikiar, the Fast Identity Online (FIDO) Alliance’s executive director and chief marketing officer, warns that AI will greatly enhance the effectiveness and scale of these attack vectors. Social engineering is already responsible for the majority of attacks, and fraudsters across the globe can now generate word-perfect phishing attacks that are nearly impossible to detect. This will be the biggest AI-driven security threat of the year, with a recent study showing that over half the population has already experienced an increase in suspicious messages and scams.
Eric Skinner, vice president of market strategy at cybersecurity firm Trend Micro, also predicts a widespread escalation in AI-powered phishing threats in 2024. The use of advanced large language models (LLMs) poses a significant threat, as they can generate phishing content in any language and eliminate traditional indicators of phishing, such as odd formatting or grammatical errors. Businesses need to go beyond conventional phishing training and adopt modern security controls to counter these tactics.
Trend Micro expects generative AI to further fuel the phishing market by enabling the creation of hyper-realistic audio and video content. This will give rise to new forms of scams, including business email compromise (BEC) and virtual kidnapping. To address these emerging threats, the adoption of zero-trust policies is recommended, which require authentication and validation at each step to ensure greater security.
Locally, cybersecurity incidents continue to pose a significant challenge for Malaysian companies. A survey conducted by Cloudflare revealed that more than half of the companies surveyed experienced over 10 cybersecurity incidents between November 2022 and November 2023. The most common intrusions were web attacks, phishing, and BECs. These incidents had a financial impact for many companies, with nearly half reporting losses of at least US$1 million.
Surfshark, another cybersecurity firm, ranked Malaysia as the eighth most breached country between July and September 2023. A total of 494,699 compromised accounts were reported during this period. Data breaches were prevalent in sectors such as government, telecommunications, education, and retail. The telecommunications sector accounted for the largest amount of leaked data.
To address these challenges, CyberSecurity Malaysia recommends a comprehensive assessment of government agencies’ web and hosting infrastructure, data centers, and internal systems. Increased funding and a proactive cybersecurity approach are also necessary.
In conclusion, the rise of AI-powered phishing threats in 2024 poses significant risks to individuals and businesses worldwide. To combat this growing problem, it is crucial for organizations to invest in non-phishable solutions, adopt zero-trust policies, and stay updated on the latest cybersecurity measures. Protecting sensitive information and combating cyber threats should be a top priority for both individuals and businesses moving forward.
