Sveriges mest populära poddar

Redefining CyberSecurity

How AI-Enhanced Phishing Changes the Economic Dynamics of Phishing Attacks | A Conversation with Marco Ciappelli and Fred Heiding | Redefining CyberSecurity with Sean Martin

37 min • 28 augusti 2024

Guests: 

Fred Heiding, Research Fellow, Harvard

On LinkedIn | https://www.linkedin.com/in/fheiding/

On Twitter | https://twitter.com/fredheiding

On Mastodon | https://mastodon.social/@fredheiding

On Instagram | https://www.instagram.com/fheiding/

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

___________________________

Episode Notes

In today's digital era, AI-enhanced phishing attacks are transforming the landscape of cybersecurity. An insightful episode of The Redefining CyberSecurity Podcast features host Sean Martin alongside ITSPmagazine co-founder Marco Ciappelli, and guest Fred Heiding, a research fellow in computer science at Harvard School of Engineering and Applied Sciences, and a fellow at the Harvard Kennedy School.

Fred Heiding shares updates on the evolution of phishing attacks using AI, highlighting both the technical facets and the societal implications. He explains how advanced language models can now automate the creation of highly realistic phishing emails, making it easier and more cost-effective for attackers to target individuals and organizations.

Heiding discusses the concept of hyper-personalization, where attackers gather granular information about their targets, such as their communication patterns and personal interests, to craft emails that seem authentic and trustworthy. This hyper-personalization poses significant challenges.

Heiding provides an example where attackers mimicked a Black Hat organizer's email, highlighting the precision and timing crucial for successful phishing. The use of open-source language models, which can be adjusted by developers to remove any built-in protections, further exacerbates the issue.

Marco Ciappelli ponders the potential solutions by leveraging AI for defensive strategies. Heiding acknowledges this is an area with promise, particularly in personalized spam filters, yet notes the inherent advantages attackers hold over defenders due to the unpatchable nature of human intuition. Defense mechanisms using AI can marginally enhance current spam filters but face limitations in practicality and widespread adoption because of people's reluctance toward continuous training and complex defense mechanisms.

Sean Martin evaluates the potential of AI in monitoring patterns of human vulnerability over time, which could redefine phishing training by focusing on specific, individualized principles. However, he also stresses the economic aspect, citing that cheaper and more efficient phishing methods increase the attack's scale and frequency, further complicating defensive strategies.

Heiding and Ciappelli both emphasize that while technological advancements provide tools for protection, they also require more personal data to be effective—a trade-off that involves significant privacy concerns. The future of online trust, according to Heiding, appears precarious. As phishing attacks become more sophisticated, the very nature of how people trust digital communications must evolve.

Overall, this episode underscores the critical need for ongoing research and dialogue in cybersecurity, focusing on balancing innovation in defense mechanisms against the ever-advancing sophistication of attacks.

___________________________

Sponsors

Imperva: https://itspm.ag/imperva277117988

LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

___________________________

Resources

Harvard Business Review article: https://hbr.org/2024/05/ai-will-increase-the-quantity-and-quality-of-phishing-scams

IEEE Access article: https://ieeexplore.ieee.org/document/10466545

BSides presentation: https://bsideslv.org/talks#8WK8P3

Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://redefining-cybersecurity.simplecast.com/episodes/hacking-humans-using-llms-with-fredrik-heiding-devising-and-detecting-phishing-large-language-models-vs-smaller-human-models-las-vegas-black-hat-2023-event-coverage-redefining-cybersecurity-podcast-with-sean-martin-and-marco-ciappelli

A Framework for Evaluating National Cybersecurity Strategies | A Black Hat USA 2024 Conversation with Fred Heiding | On Location Coverage with Sean Martin and Marco Ciappelli: https://redefining-cybersecurity.simplecast.com/episodes/a-framework-for-evaluating-national-cybersecurity-strategies-a-black-hat-usa-2024-conversation-with-fred-heiding-on-location-coverage-with-sean-martin-and-marco-ciappelli

Deep Backdoors in Deep Reinforcement Learning Agents | A Black Hat USA 2024 Conversation with Vas Mavroudis and Jamie Gawith | On Location Coverage with Sean Martin and Marco Ciappelli: https://itsprad.io/redefiningcybersecurity-454

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: 

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Förekommer på
00:00 -00:00