Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Defending Against ChatGPT-Enhanced Phishing with Managed Detection and Response

Phishing, already a serious, ever-present threat, is getting even more pernicious thanks to ChatGPT, which enables threat actors to craft more realistic emails. Clearly, organizations need a way to fight back that recognizes the depth of the threat, including by employing managed detection and response services.

Nearly three-quarters of all breaches involve a human element, usually starting with an employee falling for a phishing attempt or the related business email compromise (BEC), according 2023 Verizon Data Breach Investigations Report.

And that figure may be conservative. It’s not hard to find stories stating 90% or more of breaches involve phishing. But as far as we can tell, the 90% figure dates back to at least 2016. It’s one of those stats that’s so good people keep using it, no matter how old the source (if you can even determine the source) or whether it’s still true. Makes you wonder how good the rest of their data is, doesn’t it?


The Extent of the Problem


Here are some more recent and reliable figures:

  • 74% of all breaches include the human element, including error, stolen credentials, and social engineering, according to Verizon.
  • Eight out of 10 organizations had at least one individual who fell victim to a phishing attempt by Assessment teams from the U.S. Cybersecurity & Infrastructure Security Agency (CISA), according to this February 2023 infographic.
  • One out of 10 phishing emails sent by CISA Assessors succeeded in enticing a user to execute a malicious attachment or interact with a malicious link.
  • 70% of all attached files or links containing malware were not blocked by network border protection services, CISA reported.
  • Email makes up 98% of the vectors for phishing or pretexting incidents, the latter of which is a form of social engineering attack used in business email compromise, according to the Verizon report.
  • Pretexting is involved in 60% of social engineering attacks and phishing in 44%, although phishing is generally more successful, Verizon reports.

The point is, attacks involving fake emails are already highly successful, but ChatGPT promises to make them even more so. As our recent blog post pointed out, ChatGPT enables threat actors to easily write more convincing emails by cleaning up grammatical mistakes, typos, and other tell-tale signs of bogus emails. With such a helping hand at threat actors’ disposal, it’s not hard to envision CISA’s 1 out of 10 figure going up.


Phishing Leads to Insidious Attacks


In terms of mounting a defense, on the BEC front your best bet is plenty of staff training on the issue along with an email security tool that can identify potentially dangerous emails up front, before the recipient even sees it. That’s where a solution like Trustwave MailMarshal can help.

A successful phishing attack, however, creates a more insidious problem. Phishing is all about deception, and fooling an employee into giving up their authentication credentials can have crippling consequences. It means an intruder now has legitimate credentials that can be used to infiltrate your network.

Such an intrusion sets off no alarm bells. With authentic credentials, the intruder can log in to various resources just as an authorized employee can, without triggering endpoint detection and response alerts. Even the victim is unaware of what happened.

Phishing may also be used to trick a user into clicking on a link that launches malware. Here again, the user is likely unaware anything is wrong, and now malware is loose on the network doing whatever it is designed to do – including collecting even more privileged user credentials to siphon sensitive data or launch a ransomware attack.

Once an intruder gains access to your network, it’s not uncommon for them ferret around for days or weeks to find out where valuable data is stored – and then launch ransomware to target it.


Defend Against Phishing with MDR


Detecting this sort of anomalous behavior requires a layered, defense-in-depth approach.

 An MDR service is a great active defense option. Chances are the intruder will eventually trigger some sort of seemingly benign alert or leave tell-tale signs while rummaging around your network. The question is whether your security team will be able to identify the signs for what they are: an advanced persistent threat (APT) that can result in significant damage.

It takes advanced solutions like an MDR service along with hard-won expertise to hunt for and identify threat actor behavior, correlate security alert activity, follow small clues that indicate an APT, and thwart it before damage is done.

That’s what Trustwave MDR brings to bear, encompassing decades of experience, patent pending tools, and an extensive proprietary threat intelligence database. That database is curated by the Trustwave SpiderLabs team, a global industry recognized group of cybersecurity researchers, malware reverse-engineers, advanced threat hunters, penetration testers, digital forensic investigators and cyber threat operators. The threats they uncover instantly become available to all MDR customers, effectively making SpiderLabs a valuable extension of an organization’s security team.

Generative AI (GenAI) models like ChatGPT are a powerful new tool that threat actors are actively employing. It only makes sense that companies adopt new methods to defend themselves. Gartner expects managed detection and response use to double to 60% of all organizations by 2025 as companies realize the value of “threat disruption and containment capabilities delivered directly by MDR providers.” Learn more about how MDR can help you mount a defense that’s equal to the task.

Latest Trustwave Blogs

Trustwave eBook Now Available: 8 Experts on Offensive Security

It is now obvious that defensive measures alone are no longer sufficient to protect an organization from cyberattacks. Threat actors are increasing their capacity at such a rate that merely sitting...

Read More

Upcoming Trustwave Webinar: Top Security Considerations When Moving from Microsoft E3 to E5

Upgrading licensing from Microsoft 365 E3 to E5 is more than just an incremental step—it's a strategic move that can significantly enhance your organization’s security, compliance, and productivity....

Read More

How Trustwave Protects Your Databases in the Wake of Recent Healthcare Data Breaches

The recent cyberattack on Ascension Medical, Change Healthcare and several UK hospitals is a stark reminder of the vulnerabilities within the healthcare sector.

Read More