Technology

The Use Of AI In Creating Social Engineering Attacks

Gilad Zinger August 16, 2024

The Use Of AI In Creating Social Engineering Attacks

AI can be used to orchestrate and inflict attacks through digital networks. The author of this article explains what can be done and how to frame the issues.

The following article, which is from Gilad Zinger, Yemin Family Office, also runs in this publication, Family Wealth Report Family Office Cybersecurity and AI Summit. This is the fourth in a series. 

The editors of this news service are pleased to share this material; the usual editorial disclaimers apply. Email tom.burroughes@wealthbriefing.com if you wish to respond.
 

Introduction
In my recent presentation, I explored the critical subject of using artificial intelligence (AI) to orchestrate social engineering attacks. Social engineering exploits human vulnerabilities, and the incorporation of AI into these attacks poses new and sophisticated threats. The objective was to highlight how AI can be leveraged to create more convincing and effective social engineering schemes and to demonstrate the urgency for enhanced security measures within the family office sector.

The human factor: The weakest link
The presentation began with an overview of social engineering, emphasizing its reliance on manipulating human behavior rather than exploiting technical vulnerabilities. I discussed common techniques used in social engineering, such as phishing, baiting, and pretexting. These methods are designed to deceive individuals into divulging confidential information or performing actions that compromise security.

I pointed out that despite advancements in cybersecurity technology, the human factor remains the weakest link. This vulnerability is particularly pertinent to the family office industry, where personal relationships and trust play significant roles in operations. The potential for AI to exploit these human weaknesses underscores the need for heightened awareness and improved defensive strategies.

Live demonstration: AI in action
To illustrate the potential dangers, I conducted a live demonstration using ChatGPT, an advanced language model developed by OpenAI. The demo showcased how AI could be employed to automate and enhance social engineering attacks, making them more believable and harder to detect.

I used ChatGPT to build a script that creates a fake webpage designed to look like a legitimate "Wealth Report" site. The purpose of this site was to trick victims into entering their credentials. The demonstration included the following steps:

ChatGPT was prompted to generate HTML and JavaScript code for a fake webpage. The AI produced a professional-looking login page with a convincing layout and text, mimicking a typical wealth management portal.

The script included functionality to capture the credentials entered by the victim and store them in a Google Sheet. This integration was crucial to demonstrate how easily the stolen information could be collected and accessed by the attacker in real time.

I deployed the fake webpage and showed how an unsuspecting victim might interact with it. Upon entering credentials, the information was immediately transmitted to a Google Sheet, highlighting the efficiency and stealth of the attack.

Results and impact
The live demo was highly effective, demonstrating the seamless and potent capabilities of AI in facilitating social engineering attacks. The audience witnessed firsthand how AI-generated content can deceive even the most vigilant individuals. The demonstration underscored the pressing need for robust security measures and heightened vigilance among family office personnel.

Conclusion: Strengthening the human factor
The key takeaway from the presentation was the critical importance of addressing the human element in cybersecurity. While technology continues to evolve, human behavior and decision-making processes remain vulnerable to manipulation. The integration of AI into social engineering tactics amplifies this threat, necessitating comprehensive education and training for individuals at all levels within the family office industry.

To mitigate these risks, I recommended the following strategies:

1. Continuous education and training: Regular training sessions on cybersecurity awareness and the latest social engineering techniques can help staff recognize and respond to potential threats.

2. Enhanced security protocols: Implementing multi-factor authentication (MFA), regular audits, and stringent access controls can significantly reduce the risk of successful social engineering attacks.

3. AI-based defensive measures: Leveraging AI to develop and deploy defensive tools that can detect and counteract social engineering attempts can provide an additional layer of security.

4. Fostering a culture of security: Encouraging a culture where security is prioritized and openly discussed can help build a more resilient and informed workforce.

In conclusion, while AI presents new challenges in the realm of social engineering, it also offers opportunities for enhancing our defensive capabilities. By focusing on the human factor and integrating advanced security practices, the family office industry can better safeguard against the evolving landscape of cyber threats.

 

About the author
Gilad Zinger, an investment director at Yemin Family Office, specializes in nurturing mid-early stage cybersecurity, fintech, agri and food startups. Previously at PwC, he served as a senior manager and OT security specialist, empowering governments and organizations to safeguard critical infrastructures. With over 17 years at the Israel Security Agency, he cultivated unparalleled experience in defensive and offensive cyber operations. As the Cyber Division team leader, Gilad managed elite cybersecurity teams, spearheading the identification and analysis of cyber events for the Department of Cyberwar Risk Management at the Israeli National Information Security Agency (NISA).

Register for FamilyWealthReport today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes