
DeepPhish: Simulating Malicious AI

Conference:  BlackHat EU 2018

2018-12-05

Summary

The presentation discusses how AI can be used to enhance cyberattacks, specifically phishing attacks, and how to defend against them.
  • Identifying individual threat actors in phishing attacks is important to understand their strategies
  • A system was created using AI to generate new phishing attacks and test their effectiveness
  • AI-powered attacks are real and can be created using easily accessible tools
  • To defend against AI-powered attacks, AI detection systems need to account for the possibility of attackers using AI
  • Enhancing our own AI detection systems requires testing how attackers can use AI
The presenter and his team conducted a research project to simulate malicious AI and test how cybercriminals can create better phishing attacks. They first identified individual threat actors in phishing attacks to understand their strategies. They then created a system using AI to generate new phishing attacks and tested their effectiveness by bypassing their own systems. The presenter emphasized that AI-powered attacks are real and can be created using easily accessible tools, such as Python and Keras. To defend against AI-powered attacks, AI detection systems need to account for the possibility of attackers using AI. The presenter stressed the importance of enhancing our own AI detection systems by testing how attackers can use AI.

Abstract

91% of cybercrimes and attacks start with a phishing email. This means that cyber security researchers must focus on detecting phishing in all of its settings and uses. However, they face many challenges as they go up against sophisticated and intelligent attackers. As a result, they must use cutting-edge Machine Learning and Artificial Intelligence techniques to combat existing and emerging criminal tactics.

Encryption is a tool that is widely used across the internet to secure legitimate communications, but is now being used by cybercriminals to hide their messages and carry out successful malware and phishing attacks while avoiding detection. Further aiding criminals is the fact that web browsers display a green lock symbol in the URL bar when a connection to a website is encrypted, creating false security in users who are more likely to enter their personal information into the page. The rise of attacks using encrypted sites means that information security researchers must explore new techniques to detect, classify, and take countermeasures against criminal traffic. So far, there is no standard approach for detecting malicious TLS certificates in the wild. Cyxtera researchers proposed a method for identifying malicious web certificates using deep neural networks and the content of TLS certificates to successfully identify malware certificates with an accuracy of 95 percent.

In addition to combating existing attacks, researchers must focus on the future of fraud. As Artificial Intelligence and Machine Learning become crucial to cyber security, criminals will undoubtedly begin to harness these powerful tools to enhance their attacks. Cyxtera researchers created an algorithm called DeepPhish to simulate the results of the weaponization of AI by real-life cybercriminals, and came to the staggering conclusion that intelligent algorithms could increase their attack success by up to 3000%.
