By Juliet Akoth
Nairobi, Kenya: In the wake of cybercriminals leveraging Generative Artificial Intelligence (Gen AI) to amplify their attacks on organizations and individuals, cybersecurity experts have now devised innovative approaches to tackle this growing menace.
This shift in strategy follows increased complexities in combating the threats from the new trends of attacks.
In Kenya alone, the surge in cyber threats is alarming with Trend Micro, a global cybersecurity leader reporting a staggering 1.8 million malware attacks targeting businesses and consumers in 2023.
According to Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro, the speed and scalability of AI are increasing the sophistication of social engineering, while also making it quicker and easier for cybercriminals to trawl through large datasets for information to exploit.
“To guard against these attacks, defenders need to understand the nature of the threats they are facing and evolve their security practices accordingly,” noted Zaheer.
He further reveals that previously cybercriminals were using two main phishing strategies; mass-blasting a huge number of targets with hopes of catching vulnerable users, and manual targeting of specific users after extensive research on them. This high-effort, high-success method is known as ‘harpoon phishing’ or ‘whale phishing’.
The use of Gen AI is worrisome as it is converging these two models, making it easy for attackers to send targeted, error-free, and tonally convincing messages on a mass scale in multiple languages. This is already branching beyond emails and texts to include persuasive audio and fake videos (deepfakes).
This coupled with readily available Apps, like HeyGen( an online app that helps you generate or repurpose videos using AI technologies including digital avatars, text-to-video, and video translations) has allowed even cybercriminals with no coding knowledge or special computing resources to produce customized high-resolution outputs that are humanly undetectable.
Trend Micro is predicting more sophisticated approaches by cybercriminals, a situation that requires evolved security practices and tools.
“More recently, hijacking and jailbreaking apps have become trending topics in cybercrime forums, indicating high criminal interest. These tactics are likely to gain ground in 2024,” explained Zaheer.
New Innovative Approaches to match Gen AI threats.
Despite the AI-enabled intensification of cybercrime, experts at Trend Micro have identified defense strategies to match gen AI threats involving a combination of zero-trust approaches and the use of AI to make security stronger.
As the name implies, with zero trust, trust is never presumed. Identities must always be verified, and only necessary people and machines can access sensitive information or processes for defined purposes at specific times. This limits the attack surface and slows attackers down.
“In cases where cybercriminals target phony purchase order email with deepfake voice confirmation, zero-trust verification would prohibit users from calling the number in the message,” he said.
Instead, they would have an established ‘safe list’ of numbers to call, and/or need multi-stakeholder approval to verify the transaction. Coded language could even be used for additional authentication.
Furthermore, Zaheer reveals that Even though phishing attacks are now too well disguised for users to detect them on their own, cybersecurity awareness training remains essential.
This is because AI and machine learning can be used to detect sentiment and tone in messages or evaluate web pages to prevent fraud attempts that might slip by users.
“Over the coming year, local businesses should expect to see cybercriminals leverage AI in new and sophisticated ways. However, defenders can use the technology to their own advantage, combining AI with zero-trust security frameworks and a strong security culture to combat evolving criminal tactics,” Ebrahim concluded.
