Vade announced that it
has pioneered a new method that improves the confidence of its
spear-phishing detection engine. The enhancement, designed to combat
advanced threats including those produced by generative AI, leverages
threat samples created by artificial technology and human sources.
The new method trains Vade's spear-phishing algorithms on a unique
combination of traditional and artificially generated spear-phishing
emails. Vade has confirmed that the enhancement increases the confidence
of detection across seven spear phishing classifiers, or categories.
These range from scams involving W2 fraud, payroll fraud, banking fraud, and more. In the US, W2 fraud accounts for the largest improvement, seeing a 50% increase in confidence, followed by banking fraud at 30%. W2 fraud, which surges during the US tax season, occurs when attackers attempt to fraudulently obtain employee W2s. Vade is implementing the enhancement just as W2 fraud volumes have increased by more than 130% between December and January.
Spear phishing is the costliest cyberthreat for businesses and
consumers worldwide. According to the Internet Crime Complaint Center
(IC3), reported losses globally from spear-phishing attacks amounted to $2.7 billion (USD) in 2022.
That figure is expected to increase significantly in the coming years,
especially with the emergence of generative AI tools that aid in content
creation.
"We are entering a period of unprecedented transformation in cybersecurity," said Adrien Gendre,
Chief Technology and Product Officer at Vade. "Generative AI is
becoming a gamechanger. It gives hackers new capabilities to deploy
advanced attacks at scale and security vendors the opportunity to keep
pace. As a leader in cybersecurity, we have long recognized the need to
embrace generative AI as a force for good. And we are. We're fighting
fire with fire."
Historically, spear phishing emails commonly contained
characteristics that made them easier to detect as fraudulent, such as
spelling and grammatical errors. Generative AI platforms can eliminate
these factors, producing error-free text in any language. This enables
foreign attackers to localize spear phishing emails and increase the
appearance of legitimacy.
Since generative AI's growth in popularity, Vade researchers have
observed a significant increase in the quality of observed threats. And
while generative AI creators have instituted safety controls to prevent
misuse of their platforms, Vade analysts have conducted internal tests
that demonstrate the ability to circumvent these measures.
Vade is implementing the enhancement for its email security suite,
Vade for M365. Once complete, organizations will immediately see the
benefits of the update.