Virtualization Technology News and Information
CSC 2024 Predictions: Using AI/ML to launch sophisticated, targeted & personalized phishing and malware cyber-attacks


Industry executives and experts share their predictions for 2024. Read them in this 16th annual series exclusive.

Using AI/ML to launch sophisticated, targeted & personalized phishing and malware cyber-attacks

By Ihab Shraim, CTO, CSC Digital Brand Services

Phishing and malware, the top cyber threat vectors, continue to be the most-used techniques for launching fraud and data-theft attacks, especially when major events occur and frenzied reactions abound. The surge in nefarious artificial intelligence tools like FraudGPT makes phishing emails more credible, and the infrastructure to launch these attacks is cheap and readily available.

In 2024, there will be a continued rise in generative AI usage, giving cybercriminals a huge advantage in launching phishing campaigns with speed and sophistication. Bad actors will be able to craft personalized and targeted phishing emails that are free of spelling or grammar errors, which will make such emails harder to detect. Moreover, dark web AI tools such as FraudGPT will be easily available, allowing more complex, socially engineered deepfake attacks that manipulate the emotions or trust of targets at even faster rates. The playbooks on how to take over legitimate domains and DNS, generate lists of fake domain names to register, and design fraudulent websites that mimic trusted brand names will be widely accessible.

More cyberattacks will leverage dormant domains

Most organizations have inactive, dormant brand domains that are not monitored on an ongoing basis, and many are owned by unaffiliated third parties who purchased the domains for malicious purposes. Threat actors keep these domain names dormant and inactive for a few months, then activate them in targeted phishing and malware distribution campaigns.

Our prediction for 2024 is that cybercriminals will increase their use of "Weaponized Targeted Campaigns" (WTC) with look-alike dormant domains and other domain names to launch phishing and malware campaigns. The look-alike dormant domain names will carry the deception of the phishing attack, while other domain names are connected to an MX record to launch the email component of the phishing campaign.

Trusted consumer brands will be the most targeted with AI/ML phishing campaigns

Consumer online brands possess valuable reputations, and they instill trust with consumers. Unfortunately, threat actors will capitalize on the popularity of these brands by circumventing weak domain security. Domain security needs to be part of a company's security posture to protect its online brand domain names from typosquatting, takeover or hijack used to conduct phishing and/or brand counterfeiting and fraud. With AI-enhanced phishing techniques and well-developed deepfake application capabilities, cybercriminals are more easily equipped to impersonate the most well-known global brands. This will allow them to create fraudulent versions of brand materials, ultimately jeopardizing the trust, revenue and reputation built by those companies.

Increased attention toward "Domain Registrars"

Recently, at a well-known cybersecurity conference, the CSC team met with several security vendors and noticed a surprising trend in our conversations: many were unaware of who their domain registrars were. This is concerning because domain registrars are often the epicenter of threat vectors such as domain account takeover, DNS redirection and/or poisoning, social engineering, malware and phishing attacks.

While many business leaders are aware of common cybersecurity risks such as data breaches, identity management and access controls, they may overlook the responsibility for domain security. Domain names are often associated with marketing and branding, leading security teams to assume that it falls under the marketing or legal departments. However, the lack of awareness about domain registrars and their security policies can leave organizations vulnerable to domain and DNS attacks. Adversaries target exposed corporate and government domain names, which can result in financial and reputational damage. It is crucial for organizations to prioritize domain security as part of their overall cybersecurity strategy.

So, what should corporations do to prepare for 2024?

Devise a cybersecurity strategy that includes online brand protection as an external attack surface.

Domain names are often the preliminary enabler of an attack, put in place before a full-blown targeted phishing campaign and/or business email compromise (BEC) equipped with lethal downloadable malware. To prevent these initial exploitations, organizations need to address the state of their domain landscape and remove the disconnect among the teams responsible for managing this aspect of digital brand initiatives. Securing your domains is the starting point to stop phishing in its tracks.

Here are three key areas that organizations and their security teams should prioritize to enhance domain security and overall corporate security posture:

  1. Visibility and Awareness: Organizations need complete visibility of their domain registrar and cloud providers to improve domain security. Understanding the entire attack surface is crucial for effective domain protection. This visibility helps identify risks in the supply chain and enables proactive threat detection and prevention.
  2. Monitoring and Intelligence: Security teams should actively monitor domains and online brands to identify potentially fraudulent activities. This includes tracking look-alike domains and the connected illicit digital footprint such as emails, social media, apps, and websites used by adversaries to deceive victims. Timely detection of security incidents allows for swift enforcement actions.
  3. Layered Defense-in-Depth Strategy: Implementing a cloud-like strategy for domain security ensures comprehensive visibility into all assets within the domain ecosystem. Like vetting vendors before granting access to cloud infrastructure, organizations should thoroughly assess partners to prevent security and compliance issues. This approach ensures that only trusted, enterprise-grade partners have access to the domain.
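
The dormant look-alike pattern described earlier (a look-alike domain registered, parked for months, then activated with web or MX records) together with the look-alike monitoring in point 2 can be turned into a simple screening rule over a registrar or passive-DNS feed. This is an added example, not CSC's tooling; the record fields, thresholds and sample domains below are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

@dataclass
class DomainRecord:
    """Constructed shape of one feed entry (field names are assumptions)."""
    name: str                    # observed registrable domain
    registered: date             # registration date
    first_active: Optional[date] # first day an A/MX record was seen; None if still parked
    has_mx: bool                 # an MX record exists (email leg of a campaign)

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(candidate: str, brand_label: str) -> bool:
    """A second-level label within 2 edits of the brand, or one that embeds
    the brand label with extra tokens (e.g. brand-login), counts as look-alike."""
    label = candidate.split(".")[0]
    if label == brand_label:
        return False  # the brand's own domain is not a look-alike
    return levenshtein(label, brand_label) <= 2 or brand_label in label

def flag_wtc(records: List[DomainRecord], brand_label: str, today: date,
             dormant_days: int = 60, recent_days: int = 14) -> List[Tuple[str, str]]:
    """Return (name, leg) for look-alikes that sat dormant for at least
    dormant_days after registration and then went live within recent_days."""
    hits = []
    for r in records:
        if not is_lookalike(r.name, brand_label) or r.first_active is None:
            continue
        dormant = (r.first_active - r.registered).days >= dormant_days
        recent = (today - r.first_active).days <= recent_days
        if dormant and recent:
            hits.append((r.name, "mx" if r.has_mx else "web"))
    return hits

# Constructed sample feed for a fictional brand "examplebank".
SAMPLE = [
    DomainRecord("examplebank.com", date(2010, 1, 1), date(2010, 1, 2), True),
    DomainRecord("exampIebank.com", date(2023, 8, 1), date(2023, 12, 20), False),
    DomainRecord("examplebank-login.com", date(2023, 9, 15), date(2023, 12, 22), True),
    DomainRecord("exampebank.com", date(2023, 12, 1), date(2023, 12, 2), False),
    DomainRecord("exmplebank.com", date(2023, 6, 1), None, False),
    DomainRecord("unrelated.com", date(2023, 5, 1), date(2023, 12, 21), True),
]

def scan_sample() -> List[Tuple[str, str]]:
    return flag_wtc(SAMPLE, "examplebank", date(2023, 12, 29))

if __name__ == "__main__":
    for name, leg in scan_sample():
        print(f"dormant look-alike activated: {name} ({leg})")
```

Domains that activate immediately after registration or that are still parked are left out of the hit list, so the rule surfaces only the dormant-then-activated cases worth a takedown or blocklist review.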

Ihab Shraim
Ihab Shraim is the chief technology officer (CTO) at CSC, responsible for the vision, innovation, and product revenue growth within our company’s cyber security, domain security, fraud protection, and brand protection lines of business. Ihab has a proven track record in devising business strategies to consistently deliver strategic growth through focused technology innovation, go-to-market product strategies, and customer service excellence.
His background includes strong expertise in facilitating the alignment of corporate business vision with information technology strategies to achieve measurable results with successful outcomes. Ihab has developed cutting-edge, patented disruptive technologies and services to deliver consistent year-over-year product revenue growth. Additionally, he is named as a primary inventor on 10 U.S. patents.
Prior to joining CSC, Ihab was on the Board of Binary Guard while also serving as their CTO. Prior to that role, he was the general manager for Presidio’s managed security service, and the vice president of engineering (anti-fraud) and chief information security officer at Mark Monitor (Clarivate Analytics). Ihab is a graduate of George Washington University and holds a BS in electrical engineering and computer science.

Published Friday, December 29, 2023 7:37 AM by David Marshall