Darktrace Blog

Perspectives on cyber defense

AI will supercharge spear-phishing

Dave Palmer, Director of Technology | Monday January 9, 2017

Imagine a piece of malware hidden on your boss’ computer. It watches her every move, quietly listening; learning. It sifts through her emails, calendar, and messages. In the process, it doesn’t just learn her writing style. It learns the unique way she interacts with everyone in her life.

It picks up on the inside jokes she shares with her husband. It knows the formal tone she employs with the CEO. And it recognizes the familiar cadence she uses with her favorite employee: you.

Her emails to you are often casual, even jokey. She signs her emails with ‘Cheers’ and sends you corny jokes on occasion. And before important meetings, she writes you an encouraging email.

One day, on your way to a morning meeting, you get an email from her. It reads:

Hi there!

I’ll see you at 9 for our meeting. You’re gonna kill it today.

See attached for a map to their office.

Cheers,

PS why did the refrigerator need a bandaid?
……….. for the cold cuts!

You smile, but suddenly you remember that you don’t know where their office is. Would you open the map?

Most people wouldn’t give a second thought. But the attached ‘map’ is really a malicious payload that, if opened, would start rapidly encrypting data and hold your company’s files hostage for a $30,000 ransom.

Artificial intelligence won’t just be used for good — it will open the door for sophisticated cyber-attacks like this. AI will supercharge spear-phishing with automated, intelligent technology. Hyper-realistic, machine-written emails are not some distant fiction. Indeed, the technology already exists.

Between Google’s DeepMind and voice-recognition software like Amazon’s Alexa, machines can now recognize and copy subtle patterns in human behavior. Recently, an intelligent machine even learned how to write a dystopian sci-fi novel . An email from your boss would be child’s play for an even moderately advanced AI.

Artificial intelligence won’t just power phishing attacks either. It will augment every kind of cyber-attack — including those we don’t even know about ­— with advanced decision-making capabilities. To keep pace with intelligent, unpredictable threats, cyber security will have to adopt an intelligent security of its own.

Want to learn more about the future of AI? You can book a meeting with me and the rest of the Executive Team at the upcoming RSA conference in San Francisco.

Blog Archive

Friday December 8, 2017
Monday November 27, 2017
Monday October 30, 2017
Wednesday October 25, 2017
Thursday October 12, 2017
Monday October 2, 2017
Monday September 18, 2017
Monday July 31, 2017
Thursday June 29, 2017
Wednesday June 21, 2017
Wednesday May 17, 2017
Monday May 8, 2017
Wednesday April 5, 2017
Monday March 6, 2017
Monday February 13, 2017
Monday January 30, 2017
Monday January 9, 2017
Friday December 16, 2016
Monday December 5, 2016
Friday November 18, 2016
Friday November 4, 2016
Monday October 24, 2016

About the authors

Justin Fier

Justin Fier is the Director for Cyber Intelligence & Analytics at Darktrace, based in Washington D.C. Justin is one of the US’s leading cyber intelligence experts, and his insights have been widely reported in leading media outlets, including Wall Street Journal, CNN, the Washington Post, and VICELAND. With over 10 years of experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.

Dave Palmer

Dave Palmer is the Director of Technology at Darktrace, overseeing the mathematics and engineering teams and project strategies. With over ten years of experience at the forefront of government intelligence operations, Palmer has worked across UK intelligence agencies GCHQ & MI5, where he delivered mission-critical infrastructure services, including the replacement and security of entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. He holds a first-class degree in Computer Science and Software Engineering from the University of Birmingham.

Andrew Tsonchev

Andrew oversees Darktrace’s OT security offerings, providing cyber defense solutions for industrial environments. Andrew has worked extensively across all aspects of Darktrace's technical and commercial operations, and advises Darktrace’s strategic Fortune 500 customers on advanced threat detection, machine learning and autonomous response. Andrew has a technical background in threat analysis and research, and holds a first-class degree in physics from Oxford University and a first-class degree in philosophy from King’s College London.

Max Heinemeyer

Max is a cyber security expert with over eight years’ experience in the field specializing in network monitoring and offensive security. At Darktrace, Max works with strategic customers to help them investigate and respond to threats as well as overseeing the cyber security analyst team in the Cambridge UK headquarters. Prior to his current role, Max led the Threat and Vulnerability Management department for Hewlett-Packard in Central Europe. He was a member of the German Chaos Computer Club, working as a white hat hacker in penetration testing and red teaming engagements. Max holds a MSc from the University of Duisburg-Essen and a BSc from the Cooperative State University Stuttgart in International Business Information Systems.

EnglishFrançais日本語