NEW DIMENSION TO CYBER THREATS
AI has also allowed malicious actors to scale up their operations, reported CSA.
The agency and its partners analysed a sample of phishing emails observed in 2023, with about 13 per cent found to contain AI-generated content.
These emails “were grammatically better and had better sentence structure”, said CSA.
AI-generated or AI-assisted phishing emails also had “better flow and reasoning, intended to reduce logic gaps and enhance legitimacy”.
It added that AI’s ability to adapt to any tone allowed malicious actors to exploit a wide range of emotions in their victims.
The technology has also been used to scrape social media profiles and websites for personal identification information that can be used by malicious actors. This allows them to increase the speed and scale of their attacks.
CSA warned that malicious actors could also become unintended beneficiaries of legitimate research into how generative AI is used negatively.
These actors could recreate and operationalise research findings, incorporating them into their cyberattacks, said the agency.
“The use of generative AI has brought a new dimension to cyber threats,” said Mr David Koh, commissioner of cybersecurity and chief executive of CSA.
“As AI becomes more accessible and sophisticated, threat actors will also become better at exploiting it.”
Individuals and organisations need to learn how to detect and respond to malicious uses of Gen AI, said CSA.
Users can discern if the content they are viewing is a deepfake by assessing its message, analysing its audio-visual elements and using tools to authenticate its content, it said.
DECREASE IN PHISHING SCAMS IN 2023
According to CSA’s report, Singapore saw a 52 per cent decline in phishing attempts in 2023 compared with the year before. The drop bucked a global trend of sharp increases.
However, the total number of phishing attempts in 2023 was around 30 per cent higher than in 2021.
CSA warned that phishing attacks continue to be a major threat to organisations and individuals, especially as threat actors improve on the sophistication of their cyberattacks.
The agency observed that cybercriminals were making their attempts more legitimate and authentic.
For example, more than a third of reported phishing attempts in 2023 used the more credible-looking domain “.com” instead of “.xyz”, an increase of about 20 per cent from 2022.
More than half of the phishing URLs reported also used the more secure “HTTPS protocol”, a significant increase from the 9 per cent that did so in 2022, said CSA.
The most spoofed industries in 2023 were banking and financial services, government, and technology.
Sixty-three per cent of the organisations imitated in phishing attempts were from the banking and financial services sector.
“This industry is often being masqueraded as banking and financial institutions are trusted organisations which hold significant amounts of sensitive and valuable information, such as personal details and login credentials,” said CSA.