Phishing Is Best Caught Early

TECH: Vigilance Can Keep Bad Actors at Bay

The month when people typically dress in costumes, October, is also Cybersecurity Awareness Month. In a way that’s fitting since computer hackers often show up in costume, or rather in the guise of someone a person would normally trust.

The act of luring someone to click on a malicious link or engage in what seems to be a harmless conversation goes by the names of social engineering or phishing.

Joseph Oregón
Chief of Cybersecurity
CISA Region 9

Joseph Oregón, a federal internet security expert, said there are plenty of technical ways that computer specialists can configure a system to keep such bad actors at a distance.

“But people who are not IT specialists can help prevent phishing, too,” he said.

The simplest way may be summarized in four words: Think before you click.

“The best advice I can give is, ‘If it looks fishy, it might be phishing. Think before you click!’”

Again this October, the San Diego Business Journal has teamed up with San Diego’s Cyber Center of Excellence (CCOE) to remind readers how they might best stay clear of hackers who might steal identities or valuable information, or lock up a business’ data and hold it for ransom.

Oregón is chief of cybersecurity for Region 9, the westernmost region of the federal government’s Cybersecurity and Infrastructure Security Agency (CISA), which includes California.

Stay Suspicious

“Stay vigilant, recognize and report phishing,” he said. “Be suspicious of any and all unsolicited emails asking you for your personal information. And as an important reminder on best practices, don’t click on suspicious links or open attachments from unknown sources.”

Opening attachments might send malicious code into a computer system.

CISA materials note that in social engineering, “an attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network.”

There are plenty of reasons to be cautious of hackers, who might be criminals or agents of unfriendly nation states.

“These people have all the time in the world to strategize targeting you or your employees,” Oregón said. “They wait patiently and collect information; they wait until you become the weak link for your organization. Many of these hackers will conduct reconnaissance and, due to the extremely large quantities of information available on the internet and dark web, they work through their typical watering holes of information to scrape up as much as they can to determine the likelihood of successfully compromising their intended victim or victims.

“So, as the saying goes, it’s not a matter of ‘if,’ it’s more a matter of ‘when,’” Oregón said. “Business leaders need to have systems in place to minimize the impact of an intrusion and prepare employees so they do not accidentally create a system breach by falling victim to phishing schemes. At CISA, we have best practices on hand to help you prepare for, understand, and prevent these risks to you and your organization.”

Information is available at cisa.gov/secure-our-world.

Borders and Filters

Oregón listed more technical ways to keep bad actors away. His suggestions:

  • Use strong network border protections. Make it difficult for malicious actors to trick you or exploit your systems. Establish a filtering process to quickly identify and block things such as malicious code, worms and ransomware.
  • Configure email servers to utilize protocols designed to verify the legitimacy of email communications.
  • Consider implementing “deny-lists” or even cyber threat intelligence feeds, which can be fed into firewall rules to help block known malicious domains, URLs and IP addresses.
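
For readers who administer the firewall, here is one way the deny-list suggestion can be put into practice. This is an added example, not code from CISA or the article: it vets a feed before anything reaches the firewall, refusing entries that would block internal or overly broad ranges or an allow-listed business domain, and renders the surviving IPv4 entries (duplicates and adjacent ranges merged) as an nftables named set. The feed entries, the set name `denylist_v4`, the protected ranges and the /16 limit are all assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: ranges we must never block, so a bad feed entry cannot cut off our own hosts.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
MIN_PREFIX = 16  # assumption: refuse any feed entry broader than a /16

SAMPLE_FEED = [  # constructed entries (documentation ranges), not real indicators
    "# feed header", "198.51.100.7", "198.51.100.7  # duplicate",
    "203.0.113.0/25", "203.0.113.128/25", "http://login.example.net/reset?id=1",
    "10.20.30.40", "0.0.0.0/0", "mail.example.com", "not a domain",
]

def build_denylist(feed_lines, allow_domains=()):
    """Return (ipv4_networks, domains, rejected_entries); IPv6 entries are rejected here."""
    nets, domains, rejected = set(), set(), []
    allow = {d.lower() for d in allow_domains}
    for raw in feed_lines:
        item = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not item:
            continue
        try:
            if "://" in item:  # URL entry: a packet filter can only act on its host
                item = urlsplit(item).hostname or ""
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            net = None
        if net is not None:
            if (net.version != 4 or net.prefixlen < MIN_PREFIX
                    or any(net.overlaps(p) for p in PROTECTED)):
                rejected.append(raw.strip())
            else:
                nets.add(net)
            continue
        host = item.lower().rstrip(".")
        labels = host.split(".")
        valid = host.isascii() and len(labels) >= 2 and all(
            l.replace("-", "").isalnum() for l in labels)
        if not valid or host in allow or any(host.endswith("." + a) for a in allow):
            rejected.append(raw.strip())  # malformed, or a domain the business relies on
        else:
            domains.add(host)  # domains go to a DNS filter or proxy, not the packet filter
    return nets, domains, rejected

def render_nft_set(nets, name="denylist_v4"):
    elems = ", ".join(str(n.network_address) if n.prefixlen == 32 else str(n)
                      for n in ipaddress.collapse_addresses(nets))
    return f"set {name} {{\n    type ipv4_addr\n    flags interval\n    elements = {{ {elems} }}\n}}"
```

The rejected list is worth logging on every refresh, since a feed that suddenly starts listing internal ranges or a business-critical domain is itself a signal to investigate.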

The Potential of AI

Phishing and social engineering are evolving, and will very likely use generative artificial intelligence in the future. Joe Rohner, vice president at defense contractor Booz Allen Hamilton, sees change on the horizon.

Joe Rohner
Vice President
Booz Allen Hamilton

“ChatGPT and other LLMs [large language models] use AI to sift through massive sets of internet data and identify patterns in language to develop text that is very difficult to distinguish from something produced by a human,” said Rohner. “The most obvious application of this is for crafting much more convincing phishing schemes. Where phishing and smishing messages were once easy to detect, with poorly constructed grammar and the tells of non-native origins, AI-generated content is more difficult to parse out – and thus, more people fall victim.”

The term smishing refers to phishing via text message.

Rohner sees bad actors using AI for other purposes.

“These LLMs can manufacture other more social engineering attacks at scale as well, such as major disinformation campaigns,” he said. “These social attacks appear in the form of misinformation, disinformation, and malinformation (MDM), which can spread falsehoods that pose a serious risk to things like election integrity and public safety. LLMs offer the potential to make all these social-led campaigns much quicker, simpler and easy to distribute to wide audiences. If anything, they lower the bar to entry for hackers.”

Of course, the technology used for offense might also be used for defense.

“AI has long been a tool in cybersecurity for automation purposes,” said Rohner. “Algorithms used today for cyber defense provide anomaly detection and pattern recognition that we can use to profile networks, determine a baseline and detect malicious activity. This AI helps us to detect things out of the ordinary and determine our next steps to combat cyberattacks in real time against hackers.”
