Unveiling the AI Threat: Trustwave SpiderLabs Exposes the Rise of AI in BEC and Phishing Attacks - 2024 Technology Threat Landscape Report

Criminals have always been among the first to adopt the latest technology to benefit themselves financially. Famed bank robbers Bonnie and Clyde used high-powered V-8 engine-equipped Ford cars to outrun local police. Other gangs used the telephone to coordinate their activities, and some realized they could gain an edge by outgunning security guards and police with Thompson submachine guns.

So, it should come as no surprise that threat actors have adopted artificial intelligence (AI), particularly for email-based attacks. According to Trustwave SpiderLabs' 2024 Technology Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, they use it to attack, gain access to, take control of, and exfiltrate data from the very organizations that specialize in creating the technology that makes the world an easier place to function and do business.

The consequences of attacks in this industry can be quite severe. Attackers are highly motivated by financial gains and political advocacy and continually adapt their methods to outpace defenses. The technology sector has some unique challenges due to the nature of the industry, including:

  • Having a large attack surface
  • Having complex supply chains
  • Containing high-value data
  • Being part of the global communications backbone
  • Employing a technology-savvy and mobile/remote workforce

AI as a Weapon of Choice for Email Attacks

The report notes that AI's ability to quickly and accurately generate text has made it a key weapon for attackers and has greatly complicated a security team's job, both in flagging such emails prior to delivery and in educating staff on how to spot a malicious email.

AI's role in email-based attacks was not the only development spotted by Trustwave SpiderLabs. The research team also revealed how attackers find and use various vulnerabilities to gain access. Gaining access is made even easier by the more than 12 million Internet-exposed devices that were found not to be patched against several known vulnerabilities, a preferred avenue of attack for many adversaries.

The report also points out the special relationship technology companies have with their customers. In most cases, technology companies are third parties to their customers and are therefore possibly the root cause of most supply chain attacks. Additionally, certain technology subsectors, such as software companies and infrastructure providers, have complex supply chains, making it difficult to ensure the security of all components and services. This issue came to light in the MOVEit, SolarWinds, and Kaseya attacks.


Artificial Intelligence-Driven BEC and Phishing Campaigns

Generative AI, a form of artificial intelligence capable of generating new text, media, and source code, enjoyed a breakout year in 2023, becoming widely popular in the business, consumer, and threat actor communities. Tools like ChatGPT, DALL-E, Synthesia, and others saw explosive growth in both creative and malicious applications.

The concern is over generative AI's ability to craft sophisticated email attacks, highlighted by the emergence of WormGPT and FraudGPT, Large Language Models (LLMs) similar to ChatGPT but lacking security constraints, which have proven to be a favorite among adversaries. For example, Trustwave SpiderLabs researchers have been observing a growing number of potentially AI-generated business email compromise (BEC) emails appearing in our clients' inboxes. To test this, our researchers ran some of these emails through multiple AI text content detectors (GPTZero, Copyleaks, ZeroGPT, Quillbot) to identify any AI-generated content in the message.

In some cases, these tools have shown almost the entire BEC message is most likely AI-generated.

The truly dangerous aspect is that tech-savvy personnel, especially those in the technology sector, have learned to rely on indicators such as grammatical and spelling mistakes to identify phishing attempts.

However, with the advent of AI-generated text, phishing campaigns become significantly more effective because the basic language and grammatical errors that marked older phishing attempts are eliminated.

Aside from AI-generated phishing text, our researchers also observed the increasing use of AI services as lures, along with deepfakes, another newcomer to the threat actor's toolkit.

In one email scam, SpiderLabs found an offer for recipients to make easy money through "Quantum AI," an alleged stock trading platform associated with billionaire Elon Musk. This scam extends beyond email, circulating a deepfake video of Musk on social media that promotes the platform and falsely claims high returns with minimal risk. These fabricated emails and videos attempt to trick individuals into investing in the financial scam.

Finally, Trustwave SpiderLabs researchers noted the increasing use of AI-powered software-as-a-service (SaaS) marketing platforms for sending unsolicited marketing emails. One example our team observed uses Kalendar AI, a SaaS platform that writes personalized invitations to prospective customers and automatically sends pitches on behalf of a specific company.

We should note that this methodology is not necessarily malicious, but it could easily progress from unsolicited marketing emails to full-blown malicious email campaigns, given how easy AI-driven services such as these make it to create and distribute personalized email campaigns.


Final Thoughts

The technology sector isn't alone in facing an elevated threat landscape. As SpiderLabs has pointed out in previous reports:

As a result, preventative measures remain the most effective defense against all types of cyberattacks; the report lists them in full.

Please take the time to download Trustwave SpiderLabs' 2024 Technology Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies to learn all about how threat actors plan, launch, and benefit from attacking the technology sector.
