Good morning. Today, we are covering how cybercriminals are using AI in phishing attacks. We are also offering practical tips on how to fight against AI-enhanced phishing attacks. As usual, we will also bring you the latest news and jobs in the cybersecurity field. We end today’s newsletter with a wisdom quote. First time reading? Sign up here

Main Meal

💻 Phishing scams, where cybercriminals aim to steal sensitive information, have always been a major threat online. In fact, phishing attacks have increased exponentially in the last few years. What's changing, though, is how these scams are evolving, thanks to artificial intelligence (AI). At present, cybercriminals are using AI to make their attacks more effective and harder to spot. Below are a few strategies used.

AI-Enhanced Spear Phishing

🔑 It is worth mentioning that spear phishing is not your run-of-the-mill phishing; it's a lot more targeted. Cybercriminals are currently using AI to sift through tons of data and create messages that are so personalized and convincing that they usually slip past security defenses. They can seem like they're coming from your bank or a company you trust, which makes them trickier to identify.

Using AI to Avoid Detection

🚨 Additionally, AI doesn't just help create sophisticated and convincing scams; it also helps these phishing attacks stay under the radar. By mimicking how legitimate messages are written, AI can trick many traditional security systems. It's like a constant game of cat and mouse between the cybercriminals and cybersecurity experts trying to stop them, underlining the need for more advanced cyber defense strategies.

The Role of NLG and Deepfakes in Phishing

🎣 Furthermore, phishing attacks get even more sophisticated with AI tools like Natural Language Generation (NLG). NLG lets cybercriminals create messages that sound incredibly human and are tailored to exploit specific weaknesses or current events. Then add to this deepfake technology. Imagine getting a video that looks and sounds exactly like someone you know or trust. We have all seen deepfake videos that sound like a celebrity or politician we know. That's what deepfakes can do, making it super hard for even the most cautious people to spot a scam. Back in 2023, I almost fell for a video that looked and sounded like Elon Musk.

How to Fight Back Against AI-Powered Phishing

🤖As phishing scams get smarter, so must our cyber defenses. Here's what individuals or businesses can do to stay a step ahead:

🛡️ Multi-Factor Authentication (MFA): This adds an extra layer of security. Even if a cybercriminal gets your password, MFA can stop them from getting any further. See my previous post on MFA.

🔐 Regular Software Updates: Keeping your security software up to date is crucial. Updates often include fixes for vulnerabilities that cybercriminals could exploit.

📚  Education and Training: As the saying goes, knowledge is power. By educating yourself as well as teaching others about the tricks used in phishing scams, you can help others spot and avoid these attacks.

👁️ In a sum, as AI transforms phishing scams into more cunning threats, staying informed, vigilant, and equipped with the right tools is our best defense. I wish you all the best in this game.

News

Russian Hacking Group Strikes Again! Microsoft's Senior Leadership Targeted in Cyberattack

A Russia-based group, Midnight Blizzard or Nobelium, has hacked the emails of Microsoft's senior leadership, including members of the cybersecurity, legal, and other functions. The breach raises concerns about the effectiveness of cyber security systems and the potential vulnerability of senior leadership email accounts [more]

Russian Intelligence Group Behind Microsoft Attack Also Hacks Hewitt Packerd Enterprise

On Wednesday, January 24, 2024, Hewlett Packard Enterprise announced that Cozy Bear, a state-sponsored hacking group, breached its cloud-based email service.

Major Water Utilities in the US and UK Suffer Ransomware Attacks

Ransomware attacks have recently targeted two prominent water companies: Veolia North America in the United States and Southern Water in the United Kingdom, leading to data breaches. Veolia, recognized as the world's leading private water sector company, delivers water and wastewater services to millions. Veolia North America disclosed on its website that its Municipal Water division fell victim to a ransomware attack last week. As a countermeasure, the company deactivated the affected backend systems and servers, which temporarily halted its online bill payment services.

loanDepot Cyberattack Exposes Personal Data of 16.6 Million People

Mortgage lender loanDepot has suffered a cyberattack that led to a data breach affecting approximately 16.6 million individuals. The company says it will notify affected customers and provide free credit monitoring and identity protection services. It remains unclear what types of personal information were accessed and stolen.

Carnegie Mellon University Reveals Shocking Cyberattack: Personal Data Breached, 7,000 Affected

Carnegie Mellon University in Pittsburgh disclosed that it was hit by a cyberattack last summer, affecting 7,300 students, employees, contractors, and affiliates. The attackers likely accessed personal data, including names, social security numbers, and birth dates, although there is no evidence of fraud or inappropriate use of the information [more]

Mysterious Cyberattack Takes Down Bucks County Emergency Dispatch System

A cyberattack has disrupted the Bucks County emergency dispatch system, forcing dispatchers to rely on pen and paper to record calls and relay information to first responders. The source of the attack is still unknown [more]

Classes at Clackamas Community College Halted by Mysterious Cyberattack

Clackamas Community College in Oregon has canceled classes after a cyberattack. The college is working with law enforcement to investigate the incident and determine if any personal information was exposed [more]

Jobs

Position: Information Assurance Engineer II

Company: Redhorse Corporation

Location: Fort Meade, MD, United States

Submit your application: http://tinyurl.com/ubjsf7xh

Position: Principal Cyber Data Analyst (Customer Facing)

Company: Comcast

Location: Remote

Submit your application: http://tinyurl.com/mubnuc26

Position: IT Lead & Information Security Analyst

Company: Magna International

Location: Grand Rapids, MICHIGAN, United States

Submit your application: http://tinyurl.com/25mu7fjp

Position: Cyber Technology Transition Support (SETA)

Company: ManTech

Location: Arlington, VA, United States

Submit your application: http://tinyurl.com/zntn88s9

Position: Network & Security Engineer - Sr. Consultant - GNE

Company: Visa

Location: Highlands Ranch, CO, United States

Submit your application: http://tinyurl.com/h9w7tcds

Position: Principal Software Engineer (Malware Research - Antivirus Systems)

Company: Palo Alto Networks

Location: Santa Clara, CA, United States

Submit your application: http://tinyurl.com/4cyk7wbb

Position: Cybersecurity SME

Company: Avint

Location: Hanscom Air Force Base, Massachusetts, United States

Submit your application: http://tinyurl.com/39pzj6mu

Position: University Relations – Security Operations Control Analyst Intern

Company: Health Care Service Corporation

Location: Dallas, United States

Submit your application: http://tinyurl.com/3y2h9pum

Position: Product Cybersecurity Lead

Company: SciTec

Location: Boulder, Colorado, United States

Submit your application: http://tinyurl.com/mr2v2nev

Position: Cyber Detection and Response Analyst

Company: Unlimited Technology Inc.

Location: Orange, Connecticut, United States

Submit your application: http://tinyurl.com/4espbw62

Wisdom Quote

“The measure of intelligence is the ability to change.”

― Albert Einstein