Singapore cyber-crime trend: Fewer phishing e-mails but more AI-sharpened language

About 13 per cent of phishing e-mail samples analysed in 2023 by the Cyber Security Agency of Singapore and its partners had AI-generated content. Photo courtesy: Pixabay/vickygharat

A key cyber-crime trend observed in Singapore is a drop in the number of phishing e-mails, accompanied by much sharper, AI-enhanced language in the e-mails that are sent.

The Singapore Cyber Landscape 2023 report, published this week by the Cyber Security Agency of Singapore (CSA), listed 4,100 cases of phishing attempts (a 52 per cent drop from the year before); 132 ransomware incidents (no change from the year before); 70,200 systems affected by malware infection of infrastructure (14 per cent from the year before); and 108 cases of website defacements (a 68 per cent drop from the year before).

While the number of phishing attempts dropped by half in 2023 compared to 2022, the report said that Artificial Intelligence was being used by fraudsters to spruce up the text in the phishing e-mails.

A sub-chapter, titled ‘Topical Focus: AI-enabled Phishing – A Real and Growing Threat’, in the Cyber Landscape report said: “Since the advent of generative AI, cyber-security researchers have predicted an uptick in the scale and sophistication of phishing attacks.”

AI-enhanced quality in the text of the phishing e-mails increases the risk of targets falling for scams, since these e-mails would not have the usual sloppy mistakes that serve as red flags and give away a fraud attempt.

The sub-chapter said: “Some examples [of sophisticated phishing] include AI-assisted/generated phishing e-mails that are tailored to the victim, and phishing e-mails that carry additional content, such as deepfake voice messages. Such techniques will likely increase the chances of targets falling for the lure. AI may also automate content creation and phishing e-mail distribution.”

Analysing the content of “various unique phishing e-mails observed in 2023 using AI content detection tools”, the CSA and its partner agencies found that about 13 per cent of the samples analysed had AI-generated content.

“It should be noted that as at the time of writing, there are probably no tools/solutions that can identify AI-generated emails with 100% certainty,” said the CSA report. “Nonetheless, these tools — which are trained on large language models — can be helpful towards identifying if there were elements that were likely AI-written.”

Examples of phishing e-mails with and without AI-generated text

The Cyber Landscape 2023 report gave two examples of phishing e-mails, one with the usual phishing text and one with AI-generated text. The first paragraphs of the two e-mails have a remarkably different tone.

● Without AI-generated content: “Hey. I have bad news for you! 03.08.2022 – On this day, I hacked your device’s operating system and got full access to your account. I have been watching you closely for a long time. I installed a virus on your system that allows me to control all your devices. The virus software gives me access to all the controllers of your devices. I have uploaded all your information, data, photos, browsing history to my servers.”

● Likely contains AI-generated content: “I regret to inform you that there has been a security breach involving your devices used for internet browsing. Several months ago, I gained unauthorized access to these devices and have been monitoring your internet activities. Recently, I successfully hacked into your email accounts, including your password.”

Phishing email
Image: Singapore Cyber Landscape 2023

The report said: “Further analysis was also conducted to compare the two phishing e-mails. This allowed for a better understanding of how AI has enabled threat actors to refine the content.”

The analysis led to three main observations:

First, aligned with predictions of cyber-security researchers, AI-assisted/generated phishing e-mails were grammatically better, and had better sentence structure (e.g. proper paragraphing and use of punctuation).

Second, AI-assisted/generated phishing e-mails had better flow and reasoning, intended to reduce logic gaps. This may help to enhance legitimacy, and potentially make the e-mail more convincing.

Third, the AI-assisted/generated phishing e-mail used a polite yet threatening tone (e.g. “I believe it is in your best interest to…”) as compared to the more general and muddled one of the human-written e-mail. This served to convey the message in a more authoritative and compelling manner. “Indeed, AI-assisted phishing can adapt to any tone, enabling them to exploit a wide range of emotions in victims. This makes them more convincing and dangerous,” said the report.

Insights into the four main cyber-crime trends

Phishing remains one of the most popular initial access vectors used by threat actors. “Most spoofed industries” include banking and financial services; government; and technology. Researchers have reported on threat actors leveraging AI chatbots to improve the quality of their phishing e-mails.

Ransomware attacks in Singapore mostly targeted the construction industry and the retail industry. The report said that cyber-criminals were “highly opportunistic” and would target any industries “that have poor cyber hygiene”.

Malware attacks on locally-hosted systems indicate a “lack of basic cyber hygiene amongst owners of the infected systems”, since even dated malware could infiltrate these systems.

Website defacements have declined because hacktivist groups have adopted a wider array of attacks, such as data breaches and DDoS attacks. But organisations should still ensure that their websites are properly configured to avoid being compromised.

Tips to be cyber-safe

Phishing

  • Avoid falling prey to AI-driven phishing by watching out for mismatched and misleading information (e.g. senders’ e-mail addresses that masquerade as legitimate ones).
  • Be wary of urgent or threatening language in e-mails, promises of attractive rewards, or suspicious attachments. Do not click on suspicious URL links, and never disclose your personal or banking credentials to anyone.
  • If the phishing link has already been clicked, run a full system scan using anti-virus software. Report the phishing attempt to SingCERT, as well as the organisation that was spoofed (if any).
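
Because fluent text no longer gives a lure away, the "mismatched information" check in the first tip can be automated on message headers instead of prose. The sketch below is an added example, not taken from the CSA report; the brand list, domains and sample messages are hypothetical and constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: hypothetical brand -> legitimate sending domains, kept by the defender.
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def sender_red_flags(raw_message):
    """Header-level red flags; none of them depend on how well the body is written."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    flags = []
    # 1. Display name claims a known brand, address is on an unrelated domain.
    squashed = "".join(ch for ch in display.lower() if ch.isalnum())
    for brand, domains in KNOWN_BRANDS.items():
        genuine = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if brand in squashed and not genuine:
            flags.append("display-name-spoof")
    # 2. Replies would go to a different domain than the visible sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-mismatch")
    # 3. DMARC verdict; only trust this header when your own mail gateway added it.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=fail" in auth:
        flags.append("dmarc-fail")
    return flags

# Constructed samples: a fluent, well-punctuated lure and a genuine notice.
POLISHED_LURE = """\
From: "Example Bank Security" <alerts@examplebank-secure.example>
Reply-To: recovery@mailbox.example
Authentication-Results: mx.recipient.example; spf=pass; dkim=none; dmarc=fail

We regret to inform you that unusual activity was detected on your account.
"""
GENUINE = """\
From: "Example Bank" <alerts@mail.examplebank.example>
Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass

Your statement is ready.
"""
if __name__ == "__main__":
    print(sender_red_flags(POLISHED_LURE), sender_red_flags(GENUINE))
```

The lure is flagged on all three checks despite its clean grammar, while the genuine message, sent from a subdomain of the brand's own domain, raises none.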

Ransomware

  • Organisations can visit the Ransomware Portal launched by the Singapore Police Force, in collaboration with the CSA, for ransomware-related resources. These include aid for ransomware victims, advisories, as well as prevention measures that organisations can adopt to avoid falling victim.

Infected infrastructure

  • For individuals, some tips include: (a) using anti-virus software; (b) being more vigilant in spotting the signs of phishing; and (c) updating software as soon as possible.
  • Organisations can visit the CSA website for cyber-security toolkits that provide guidance on the adoption of cyber-security measures for different types of organisations and job roles.

Website defacements

  • Some measures to guard against website defacements include: (a) installing web application firewalls and security plugins to block unauthorised traffic and malicious requests; and (b) ensuring that all software — including content management systems such as WordPress — and applications used are patched and up-to-date to prevent vulnerabilities from being exploited.
  • Organisations can also use the CSA’s Internet Hygiene Portal to perform a free assessment on the security of their websites.