Trustwave Blog

Defending Against ChatGPT-Enhanced Phishing with Managed Detection and Response

Written by | Dec 13, 2023

Phishing, already a serious, ever-present threat, is getting even more pernicious thanks to ChatGPT, which enables threat actors to craft more realistic emails. Clearly, organizations need a way to fight back that recognizes the depth of the threat, including by employing managed detection and response services.

Nearly three-quarters of all breaches involve a human element, usually starting with an employee falling for a phishing attempt or the related business email compromise (BEC), according to the 2023 Verizon Data Breach Investigations Report.

And that figure may be conservative. It’s not hard to find stories stating 90% or more of breaches involve phishing. But as far as we can tell, the 90% figure dates back to at least 2016. It’s one of those stats that’s so good people keep using it, no matter how old the source (if you can even determine the source) or whether it’s still true. Makes you wonder how good the rest of their data is, doesn’t it?

The Extent of the Problem

Here are some more recent and reliable figures:

  • 74% of all breaches include the human element, including error, stolen credentials, and social engineering, according to Verizon.
  • Eight out of 10 organizations had at least one individual who fell victim to a phishing attempt conducted by Assessment teams from the U.S. Cybersecurity & Infrastructure Security Agency (CISA), according to this February 2023 infographic.
  • One out of 10 phishing emails sent by CISA Assessors succeeded in enticing a user to execute a malicious attachment or interact with a malicious link.
  • 70% of all attached files or links containing malware were not blocked by network border protection services, CISA reported.
  • Email makes up 98% of the vectors for phishing or pretexting incidents, the latter of which is a form of social engineering attack used in business email compromise, according to the Verizon report.
  • Pretexting is involved in 60% of social engineering attacks and phishing in 44%, although phishing is generally more successful, Verizon reports.

The point is, attacks involving fake emails are already highly successful, but ChatGPT promises to make them even more so. As our recent blog post pointed out, ChatGPT enables threat actors to easily write more convincing emails by cleaning up grammatical mistakes, typos, and other tell-tale signs of bogus emails. With such a helping hand at threat actors’ disposal, it’s not hard to envision CISA’s 1 out of 10 figure going up.

Phishing Leads to Insidious Attacks

In terms of mounting a defense, on the BEC front your best bet is plenty of staff training on the issue along with an email security tool that can identify potentially dangerous emails up front, before the recipient even sees them. That’s where a solution like Trustwave MailMarshal can help.

A successful phishing attack, however, creates a more insidious problem. Phishing is all about deception, and fooling an employee into giving up their authentication credentials can have crippling consequences. It means an intruder now has legitimate credentials that can be used to infiltrate your network.

Such an intrusion sets off no alarm bells. With authentic credentials, the intruder can log in to various resources just as an authorized employee can, without triggering endpoint detection and response alerts. Even the victim is unaware of what happened.

Phishing may also be used to trick a user into clicking on a link that launches malware. Here again, the user is likely unaware anything is wrong, and now malware is loose on the network doing whatever it is designed to do – including collecting even more privileged user credentials to siphon sensitive data or launch a ransomware attack.

Once an intruder gains access to your network, it’s not uncommon for them to ferret around for days or weeks to find out where valuable data is stored – and then launch ransomware to target it.

Defend Against Phishing with MDR

Detecting this sort of anomalous behavior requires a layered, defense-in-depth approach.

An MDR service is a great active defense option. Chances are the intruder will eventually trigger some sort of seemingly benign alert or leave tell-tale signs while rummaging around your network. The question is whether your security team will be able to identify the signs for what they are: an advanced persistent threat (APT) that can result in significant damage.

It takes advanced solutions like an MDR service along with hard-won expertise to hunt for and identify threat actor behavior, correlate security alert activity, follow small clues that indicate an APT, and thwart it before damage is done.
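To make the correlation described in the two preceding paragraphs concrete, here is an added example (written for this post, not Trustwave MDR's own tooling) that stitches two individually benign clues into one incident: a successful login with valid credentials from a geography outside the user's baseline, followed within a short window by access to an unusual number of file shares. The log format, field names, user baseline and thresholds are all constructed assumptions for illustration.

```python
"""Correlate individually low-severity authentication and access events into
a single incident. Added example, not Trustwave code: the log format, field
names, user baseline and thresholds are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. A legitimate user's credentials are used from an
# unseen geography, then several shares are read in quick succession. Each
# line alone looks like normal activity; only the sequence is suspicious.
SAMPLE_EVENTS = [
    "2023-12-01T08:02:11Z user=jdoe event=login src_geo=US result=success",
    "2023-12-01T08:05:40Z user=jdoe event=share_access share=finance result=success",
    "2023-12-01T22:14:03Z user=jdoe event=login src_geo=BR result=success",
    "2023-12-01T22:16:30Z user=jdoe event=share_access share=finance result=success",
    "2023-12-01T22:17:02Z user=jdoe event=share_access share=hr result=success",
    "2023-12-01T22:17:45Z user=jdoe event=share_access share=legal result=success",
    "2023-12-01T22:18:20Z user=jdoe event=share_access share=engineering result=success",
    "2023-12-01T22:19:01Z user=jdoe event=share_access share=backups result=success",
    "2023-12-01T09:00:00Z user=asmith event=login src_geo=US result=success",
    "2023-12-01T09:03:00Z user=asmith event=share_access share=finance result=success",
]

# Constructed baseline: geographies each user has previously logged in from.
KNOWN_GEOS = {"jdoe": {"US"}, "asmith": {"US"}}


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, value = field.split("=", 1)
        event[key] = value
    return event


def correlate(lines, known_geos, window=timedelta(minutes=15), share_threshold=3):
    """Return incidents: a successful login from a geography outside the
    user's baseline, followed within `window` by access to at least
    `share_threshold` distinct shares."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    incidents = []
    for user, user_events in by_user.items():
        for i, event in enumerate(user_events):
            if event["event"] != "login" or event["result"] != "success":
                continue
            if event["src_geo"] in known_geos.get(user, set()):
                continue
            # Clue 1: valid credentials used from an unseen geography.
            shares = set()
            for later in user_events[i + 1:]:
                if later["ts"] - event["ts"] > window:
                    break
                if later["event"] == "share_access":
                    shares.add(later["share"])
            # Clue 2: a burst of distinct share access right after that login.
            if len(shares) >= share_threshold:
                incidents.append({
                    "user": user,
                    "login_time": event["ts"].isoformat(),
                    "src_geo": event["src_geo"],
                    "shares": sorted(shares),
                })
    return incidents


if __name__ == "__main__":
    for incident in correlate(SAMPLE_EVENTS, KNOWN_GEOS):
        print(incident)
```

Run against the constructed events, the 08:02 login and the asmith session match the baseline and produce nothing; only the 22:14 login from an unseen geography followed by five share reads is raised as an incident. In a real environment the baseline would be learned from historical sign-ins and the window and threshold tuned per user population, but the shape of the logic is the same: no single event is alarming, and the value comes from joining them.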

That’s what Trustwave MDR brings to bear, encompassing decades of experience, patent-pending tools, and an extensive proprietary threat intelligence database. That database is curated by the Trustwave SpiderLabs team, a global, industry-recognized group of cybersecurity researchers, malware reverse-engineers, advanced threat hunters, penetration testers, digital forensic investigators, and cyber threat operators. The threats they uncover instantly become available to all MDR customers, effectively making SpiderLabs a valuable extension of an organization’s security team.

Generative AI (GenAI) models like ChatGPT are a powerful new tool that threat actors are actively employing. It only makes sense that companies adopt new methods to defend themselves. Gartner expects managed detection and response use to double to 60% of all organizations by 2025 as companies realize the value of “threat disruption and containment capabilities delivered directly by MDR providers.” Learn more about how MDR can help you mount a defense that’s equal to the task.