AI will supercharge spear-phishing

Dave Palmer, Director of Technology | Monday January 9, 2017

Imagine a piece of malware hidden on your boss’ computer. It watches her every move, quietly listening; learning. It sifts through her emails, calendar, and messages. In the process, it doesn’t just learn her writing style. It learns the unique way she interacts with everyone in her life.

It picks up on the inside jokes she shares with her husband. It knows the formal tone she employs with the CEO. And it recognizes the familiar cadence she uses with her favorite employee: you.

Her emails to you are often casual, even jokey. She signs her emails with ‘Cheers’ and sends you corny jokes on occasion. And before important meetings, she writes you an encouraging email.

One day, on your way to a morning meeting, you get an email from her. It reads:

Hi there!

I’ll see you at 9 for our meeting. You’re gonna kill it today.

See attached for a map to their office.


PS why did the refrigerator need a bandaid?
……….. for the cold cuts!

You smile, but suddenly you remember that you don’t know where their office is. Would you open the map?

Most people wouldn’t give a second thought. But the attached ‘map’ is really a malicious payload that, if opened, would start rapidly encrypting data and hold your company’s files hostage for a $30,000 ransom.

Artificial intelligence won’t just be used for good — it will open the door for sophisticated cyber-attacks like this. AI will supercharge spear-phishing with automated, intelligent technology. Hyper-realistic, machine-written emails are not some distant fiction. Indeed, the technology already exists.

Between Google’s DeepMind and voice-recognition software like Amazon’s Alexa, machines can now recognize and copy subtle patterns in human behavior. Recently, an intelligent machine even learned how to write a dystopian sci-fi novel. An email from your boss would be child’s play for an even moderately advanced AI.

Artificial intelligence won’t just power phishing attacks either. It will augment every kind of cyber-attack — including those we don’t even know about ­— with advanced decision-making capabilities. To keep pace with intelligent, unpredictable threats, cyber security will have to adopt an intelligent security of its own.

Want to learn more about the future of AI? You can book a meeting with me and the rest of the Executive Team at the upcoming RSA conference in San Francisco.