Defending Against ChatGPT-Enhanced Phishing with Managed Detection and Response

Phishing, already a serious, ever-present threat, is getting even more pernicious thanks to ChatGPT, which enables threat actors to craft more realistic emails. Clearly, organizations need a way to fight back that recognizes the depth of the threat, including by employing managed detection and response services.

Nearly three-quarters of all breaches involve a human element, usually starting with an employee falling for a phishing attempt or the related business email compromise (BEC), according to the 2023 Verizon Data Breach Investigations Report.

And that figure may be conservative. It’s not hard to find stories stating 90% or more of breaches involve phishing. But as far as we can tell, the 90% figure dates back to at least 2016. It’s one of those stats that’s so good people keep using it, no matter how old the source (if you can even determine the source) or whether it’s still true. Makes you wonder how good the rest of their data is, doesn’t it?

The Extent of the Problem

Here are some more recent and reliable figures:

  • 74% of all breaches include the human element, including error, stolen credentials, and social engineering, according to Verizon.
  • Eight out of 10 organizations had at least one individual who fell victim to a phishing attempt sent by assessment teams from the U.S. Cybersecurity & Infrastructure Security Agency (CISA), according to a February 2023 CISA infographic.
  • One out of 10 phishing emails sent by CISA Assessors succeeded in enticing a user to execute a malicious attachment or interact with a malicious link.
  • 70% of all attached files or links containing malware were not blocked by network border protection services, CISA reported.
  • Email is the vector in 98% of phishing or pretexting incidents; pretexting is the social engineering technique behind business email compromise, according to the Verizon report.
  • Pretexting is involved in 60% of social engineering attacks and phishing in 44%, although phishing is generally more successful, Verizon reports.

The point is, attacks involving fake emails are already highly successful, but ChatGPT promises to make them even more so. As our recent blog post pointed out, ChatGPT enables threat actors to easily write more convincing emails by cleaning up grammatical mistakes, typos, and other tell-tale signs of bogus emails. With such a helping hand at threat actors’ disposal, it’s not hard to envision CISA’s 1 out of 10 figure going up.

Phishing Leads to Insidious Attacks

In terms of mounting a defense, on the BEC front your best bet is plenty of staff training on the issue along with an email security tool that can identify potentially dangerous emails up front, before the recipient even sees it. That’s where a solution like Trustwave MailMarshal can help.

A successful phishing attack, however, creates a more insidious problem. Phishing is all about deception, and fooling an employee into giving up their authentication credentials can have crippling consequences. It means an intruder now holds legitimate credentials that can be used to infiltrate your network.

Such an intrusion rarely sets off alarm bells on its own. With authentic credentials, the intruder logs in to resources exactly as the authorized employee would. Nothing malicious executes on the endpoint, so endpoint detection and response tools have little to alert on; what distinguishes the login is its context, such as an unfamiliar device, location or time of day, not the credentials themselves. Even the victim is usually unaware of what happened.

Phishing may also be used to trick a user into clicking on a link that launches malware. Here again, the user is likely unaware anything is wrong, and now malware is loose on the network doing whatever it was designed to do, including harvesting more privileged credentials, siphoning sensitive data, or staging a ransomware attack.

Once an intruder gains access to your network, it’s not uncommon for them to ferret around for days or weeks to find out where valuable data is stored, and then launch ransomware to target it.

Defend Against Phishing with MDR

Detecting this sort of anomalous behavior requires a layered, defense-in-depth approach.

An MDR service is a strong active defense option. Chances are the intruder will eventually trigger some seemingly benign alert or leave tell-tale signs while rummaging around your network. The question is whether your security team will be able to identify those signs for what they are: an advanced persistent threat (APT) that can result in significant damage.

It takes advanced solutions like an MDR service along with hard-won expertise to hunt for and identify threat actor behavior, correlate security alert activity, follow small clues that indicate an APT, and thwart it before damage is done.
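Two points above, that a login with valid credentials looks like any other login and that an intruder eventually leaves small clues which only stand out once correlated, can be made concrete with a detection example. The following Python script is an added example for this page, not Trustwave's tooling or anything from the original post. The log format, the sample events and the two rules it correlates (an account authenticating from two countries closer in time than travel allows, and one account fanning out to many hosts in a short window) are assumptions chosen for illustration; real thresholds would be tuned to the environment.

```python
"""Correlate authentication events to surface a phished account.

Added example, not part of the original post. The log schema below and every
event in SAMPLE_LOG are constructed for illustration; the IP addresses are from
documentation ranges and belong to no real host.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed log format, one event per line:
#   timestamp|user|source_ip|country|target_host|outcome
SAMPLE_LOG = """\
2024-03-04T08:02:11Z|alice|203.0.113.5|US|vpn-gw|success
2024-03-04T08:40:27Z|alice|198.51.100.7|RO|vpn-gw|success
2024-03-04T08:45:03Z|alice|198.51.100.7|RO|fs-01|success
2024-03-04T08:46:10Z|alice|198.51.100.7|RO|fs-02|success
2024-03-04T08:47:55Z|alice|198.51.100.7|RO|db-03|success
2024-03-04T09:15:00Z|bob|203.0.113.9|US|vpn-gw|success
2024-03-04T09:20:00Z|bob|203.0.113.9|US|fs-01|success
2024-03-04T13:00:00Z|carol|192.0.2.4|US|vpn-gw|failure
2024-03-04T13:01:00Z|carol|192.0.2.4|US|vpn-gw|success
2024-03-05T11:00:00Z|carol|192.0.2.44|GB|vpn-gw|success
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    src_ip: str
    country: str
    host: str
    outcome: str


def parse_log(text):
    """Parse the pipe-delimited log into Event objects sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, src_ip, country, host, outcome = line.split("|")
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            user, src_ip, country, host, outcome))
    return sorted(events, key=lambda e: e.ts)


def successful_by_user(events):
    """Group successful logins per account; failures are ignored here."""
    by_user = defaultdict(list)
    for e in events:
        if e.outcome == "success":
            by_user[e.user].append(e)
    return by_user


def impossible_travel(events, window_hours=2):
    """Flag an account that authenticates from two countries within window_hours.

    Each login on its own is a valid-credential login; only the pair is suspicious.
    """
    window = timedelta(hours=window_hours)
    findings = defaultdict(list)
    for user, evs in successful_by_user(events).items():
        for prev, cur in zip(evs, evs[1:]):
            if prev.country != cur.country and cur.ts - prev.ts <= window:
                findings[user].append(
                    f"impossible travel {prev.country}->{cur.country} "
                    f"in {cur.ts - prev.ts} ({prev.src_ip} then {cur.src_ip})")
    return dict(findings)


def host_fanout(events, window_minutes=30, threshold=3):
    """Flag an account that reaches >= threshold distinct hosts inside one window.

    This is the 'rummaging around' signal: individually benign logins to many systems.
    """
    window = timedelta(minutes=window_minutes)
    findings = {}
    for user, evs in successful_by_user(events).items():
        for i, start in enumerate(evs):
            hosts = {e.host for e in evs[i:] if e.ts - start.ts <= window}
            if len(hosts) >= threshold:
                findings[user] = (f"{len(hosts)} distinct hosts within "
                                  f"{window_minutes} min: {sorted(hosts)}")
                break
    return findings


def correlate(events):
    """Combine the weak signals per account into one finding with a severity.

    Either rule alone is 'medium' (it can be a traveller or an admin at work);
    both together on the same account within the same log is 'high'.
    """
    travel = impossible_travel(events)
    fanout = host_fanout(events)
    report = {}
    for user in set(travel) | set(fanout):
        findings = list(travel.get(user, []))
        if user in fanout:
            findings.append(fanout[user])
        both = user in travel and user in fanout
        report[user] = {"severity": "high" if both else "medium",
                        "findings": findings}
    return report


if __name__ == "__main__":
    for user, result in sorted(correlate(parse_log(SAMPLE_LOG)).items()):
        print(f"{user}: {result['severity']}")
        for finding in result["findings"]:
            print("  -", finding)
```

On the constructed sample only alice is reported, and at high severity: her 08:40 login from a second country 38 minutes after the first is one weak signal, and the four hosts she touches in the next seven minutes is another. bob reaches two hosts from one country and carol changes country a day later, so neither crosses a threshold. The value of the correlation step is that each of alice's events, taken in isolation, is a successful login with valid credentials that no signature would match.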

That’s what Trustwave MDR brings to bear, encompassing decades of experience, patent-pending tools, and an extensive proprietary threat intelligence database. That database is curated by the Trustwave SpiderLabs team, a globally recognized group of cybersecurity researchers, malware reverse-engineers, advanced threat hunters, penetration testers, digital forensic investigators and cyber threat operators. The threats they uncover immediately become available to all MDR customers, effectively making SpiderLabs an extension of an organization’s security team.

Generative AI (GenAI) models like ChatGPT are a powerful new tool that threat actors are actively employing. It only makes sense that companies adopt new methods to defend themselves. Gartner expects managed detection and response use to double to 60% of all organizations by 2025 as companies realize the value of “threat disruption and containment capabilities delivered directly by MDR providers.” Learn more about how MDR can help you mount a defense that’s equal to the task.
