In-depth analysis: Evolution of AI-driven social engineering

CybersecurityHQ News


Evolution of AI-Driven Social Engineering

The social engineering landscape has changed swiftly with the adoption of artificial intelligence technologies. Since generative AI and large language models (LLMs) became widespread, these tools have been used to impersonate humans. This allows "traditional" social engineering tactics to be executed at scale, and sometimes in real time. These automated, highly human-like interactions with targets represent a significant evolution in the social engineering playbook.

By bringing artificial intelligence into social engineering, we have fundamentally changed the way we work and live. We have opened up a source of attack that never existed before, where our attempts to secure the human element are now at risk of being bypassed by machines that can think, act, and learn in ways that only humans could before. This has mostly happened with our dark reflection of human intelligence—our attempts to create the perfect impersonation. But with whom are we trying to perfectly impersonate? We have to consider that these OKRs (objectives and key results) we live, work, and breathe by only exist in the digital realm where AI has access.

Automated Attack Infrastructure

Sophisticated AI-driven attack infrastructures have turned the execution of social engineering campaigns into an art form, allowing bad actors to hit their marks with incredible precision and efficiency. These modern artificial intelligence systems can now, for the most part, operate autonomously, with little human intervention (Enterprise IT World), and the widespread availability of verifiable personal data in our online lives gives them all the raw materials they need. It therefore becomes not just possible but probable that, at some point in the very near future, our day-to-day interactions with one another will be increasingly indistinguishable from the interactions we're used to having with AI.

Usually, automation components work together in a well-orchestrated fashion to accomplish a singular goal. In this case, the goal is to automate the cyber kill chain. Cyber kill chain automation is a relatively new concept, but the underpinning components have existed for quite some time. Coarse-grained system event data (an audit log of sorts) is generated by the various operating system and application environments present in a target organization and collected as either a multi-siloed or centralized collection architecture. To do this efficiently and effectively and to derive meaningful analyses, a few common system event log collection and analysis tools—like Splunk—are often employed on the offensive side by an adversary to accomplish this task.

Today’s AI-driven attack platforms can now handle natural language commands with an accuracy previously unimaginable. They can also generate text in natural language with a proficiency that is now hard to distinguish from a human writer, making them potentially lethal when it comes to creating convincing phishing emails and messages for social media. These platforms can also put together messages that can fool large numbers of people over the phone, all using the sorts of legitimate-sounding scripts that any good con artist would rely on.

Advanced Targeting Mechanisms

The development of AI-driven targeting systems has taken social engineering attacks to a new level. They have made them more sophisticated and, consequently, more dangerous. At the heart of this evolution is the use of unprecedented personalization. Whereas in the past, an interactive voice response system might have addressed a caller by their name, an AI system can now do much more. It can also interact with the caller in a way that makes them think they are talking to a person rather than a machine—something that can't be said for IDF intelligence or the earlier robots of social engineering.

Contemporary targeting systems conduct instantaneous analyses of social media, as well as professional networks and the public at large, to create detailed target profiles. These profiles allow attackers to create personalized scenarios for each person they intend to attack, tailor-made to fit the target's specific interests and line of work. The attack profiles even factor in the target's known social connections. All of this data is fed into a system that can automatically adjust for the target's likely responses, creating a dynamic process that makes the attacks seem more real and thus increases the chances of success.

Incorporating natural language processing and sentiment analysis allows these systems to understand and leverage the emotional triggers they hit. By studying the communication patterns and response behaviors of the humans they're targeting, these AIs can tell when to strike and adjust their methods based on the real-time psychological read they're getting from the target.

Psychological Manipulation Techniques

Cognitive Bias Weaponization

Today's social engineering attacks are clever and subtle. They systematically take advantage of the biases built into our decision-making processes. These biases have emerged from extensive studies of human behavior in the fields of cognitive psychology and behavioral economics, and they have become well understood, almost predictable. This knowledge allows particularly skilled attackers to tailor their deceptive messages in ways that make them incredibly persuasive and hard to resist, even for the very smart people we generally associate with working inside our security perimeters.

The availability heuristic is affected when artificial scenarios are created that present certain threats (Lakera AI) or opportunities as more prevalent than they actually are. Our risk perception and decision-making processes are influenced, as a result, toward seeing these things as much more likely to occur than they would under normal circumstances. Now, advanced AI systems do this for us. They are trained on our cognitive vulnerabilities across large datasets. They identify and exploit with brutal precision the exact biases we are prone to for whatever reason. And they do it with voices that sound very human. And if there is a next step, they will automate that next step too.

Emotional Trigger Exploitation

Using emotional triggers is a relatively new tactic in social engineering. It allows for the precision targeting of individuals whom AI-powered systems have determined to be vulnerable. Natural language processing and sentiment analysis at the level this new technology operates can and does build detailed emotional profiles of people, particularly as they communicate across digital platforms. A large part of any individual's emotional profile is tied to how their reactions differ depending on the context in which they are communicating. Adjusting for the "normal" range of variation in any individual's emotional responses is foundational to how well any profiling operation works.

Current AI systems can pinpoint particular emotional triggers by assessing users' social media, professional, and other online activities. From this, they draw a detailed vulnerability map for each individual. These systems are excellent at playing upon our most basic emotions—fear, greed, and urgency—with personalized content that tells us exactly what we need to hear to take the action the attacker wants us to take. If a system is using real-time content generation, then what it is feeding us in terms of a narrative might not even be a lie; it might just be the truth about us that we're not comfortable with coming to the surface.

Current advanced systems work in real time, providing feedback loops that allow for the adjustment of manipulation tactics according to target behavior. This means that when a social engineer is attempting to render a target susceptible, they can give the illusion of authentic, human interaction while being exactly what the target needs them to be in order to be emotionally manipulated. This is an adaptive system, one that can pivot between emotional leverage points as required, and it is precisely what has made modern social engineering attacks so much more successful than those of yesteryear.

Technical Implementation of AI-Based Attacks

The world of AI-based social engineering attacks is changing fast. Today, we use a variety of architectural components to pull off these kinds of cyber threats. One of the main components in the modern attacker's toolkit is NLP (natural language processing), which we use to understand and generate human language. But there are other components that serve just as important a role, like computer vision (for, you know, seeing), and overall behavioral analysis (trying to understand what kind of systems and humans we're interacting with). These machine learning frameworks—along with another level of "adversarial training"—are set for the sole purpose of automating the social engineering attack.

GenAI Content Generation

How generative AI is used in social engineering attacks marks a change in the fundamental way that deceptive content is produced and spread.

These systems are fundamentally based on transformer architectures. They use attention mechanisms and self-supervised learning to produce highly convincing fake content.

The nuts and bolts of the system consist of language models trained on huge amounts of data (CrowdStrike). They are filled with both real and fake content to better mimic human-generated text.

These models use sophisticated methods like temperature sampling, where the parameter $T$ in the softmax function $P(x_i) = \frac{\exp(x_i/T)}{\sum_j \exp(x_j/T)}$ determines the amount of randomness that is injected into the generated content, letting bad actors choose between creative and coherent outputs.

The most sophisticated methods rely on conditional generation techniques. Here, the model tailors its output based on particular target parameters you provide—like writing style, tone, or context-specific details.

Often, the architecture contains validation layers that use discriminative models to evaluate how believable the content (World Economic Forum) they create really is. This gives the architecture a setup similar to a generative adversarial network.

These systems employ advanced prompt engineering methods and use painstakingly designed input templates to create the most effective social engineering narratives possible.

The technology generally comprises specialized components that personalize the content. These components, essentially algorithms, do the underappreciated work of analyzing and profiling the various categories of users that the site targets. They attempt to understand not just the demographic groups to which these users belong, but also their behavioral patterns—what kind of things they're likely to do when they're online, and what kinds of things they're likely to want to see.

LLM-Powered Communication

The sophisticated nature of LLM-powered communication in social engineering attacks (PrivacyEnd) derives from the powerful capabilities of natural language understanding and generation—capabilities that, in modern incarnations, come from transformer-based neural architectures. These systems do not work in a vacuum; they maintain an impressive context in communication. Even with slab, swirling, or cubicle memory in humans, a neural context in communication persists efficiently for a natural conversation. This is not necessarily so with a human social engineer. But what makes the LLM-based system work so well conversationally?

The systems under discussion are typically engineered with specialized components for sentiment analysis and emotional manipulation. They use closely calibrated models that seek out and take advantage of the target's psychological weak points. These are not your average "talking-head" chatbots. The ensemble really knows how to keep up its end of the conversation and, if necessary, acts like a "bad cop" to give the target a false sense of security. Another nice touch: the system can keep at it for some 30 hours, or longer, if needed. All this is accomplished using some well-disguised "state management" techniques.

An adaptive system for real-time response generation is what you're looking at with our architecture. It's not just an architecture; it's what we call a "system" because it has feedback loops. Like any good system, it has modules that do different specialized jobs. Our modules are optimized for the real-time generation of responses, and specialized algorithms such as beam search do the heavy lifting. With beam search, the key task is to keep track of how persuasive, natural, and aligned with social engineering objectives (Lakera AI) a given beam is. A beam, you might recall, is a bunch of parallelized paths.

Defense Strategies and Countermeasures

AI-Based Detection Systems

The quickly changing field of cybersecurity finds artificial intelligence taking shape as both a threat and a defensive tool against increasingly sophisticated social engineering attacks. Today's AI-based detection systems employ advanced machine learning algorithms to work with the many forms of our digital content; to recognize, for instance, the apparent "void in a digital company's presence" that the human hackers behind the 2020 Twitter social engineering hack so aptly took advantage of.

Natural language processing (NLP) algorithms have dramatically improved our ability to detect simple linguistic patterns that separate human-generated text from text produced by an AI. We might imagine several layers of a fancy digital cake inside an advanced detection system, with each layer contributing something to the final result of a system that can tell us—and can tell us with a degree of confidence—whether or not a digital message was generated by a human or by an AI. The most sophisticated of those systems today would be built on a transformer architecture, which is what large language models like ChatGPT are built on.

Message authenticity is established by these systems using a method of multi-dimensional feature analysis. This means examining a message's authenticity signals along several dimensions, such as the temporal patterns of when a message is sent, the sender's normal behavior, and the linguistic fingerprints that markers (e.g., typos) might leave. These systems are extra smart because they learn from each new attack that they successfully defend against. At the same time, "threat intel" from freshly caught bad actors is incorporated into their defenses in real time. Using features and contexts like these enables system admins in your organization to keep nasty surprises from compromising your systems.
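The multi-dimensional analysis described above can be sketched as a small scoring routine. This is an added example, not code from any product or source cited in this report; the field names, keyword list, weights and thresholds are assumptions chosen for illustration, and the sample messages are constructed.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed keyword list; substring matching is deliberately crude for the sketch.
URGENCY_TERMS = ("urgent", "immediately", "wire", "gift card", "confidential", "today")

@dataclass
class Message:
    sender: str
    reply_to: str
    hour_sent: int   # 0-23, in the claimed sender's local time
    body: str

@dataclass
class SenderBaseline:
    usual_hours: list          # send hours observed in the sender's past mail
    known_reply_domains: set   # reply-to domains previously seen for this sender

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def temporal_score(msg, base):
    """How far the send hour sits from the sender's habit, scaled to [0, 1]."""
    mu = mean(base.usual_hours)
    sigma = pstdev(base.usual_hours) or 1.0
    diff = abs(msg.hour_sent - mu)
    diff = min(diff, 24 - diff)              # wrap around midnight
    return min(diff / (3 * sigma), 1.0)

def behaviour_score(msg, base):
    """1.0 when replies would go to a domain never associated with the sender."""
    rd = domain(msg.reply_to)
    return 0.0 if rd == domain(msg.sender) or rd in base.known_reply_domains else 1.0

def linguistic_score(msg):
    """Share of pressure wording, saturating at three hits."""
    text = msg.body.lower()
    return min(sum(term in text for term in URGENCY_TERMS) / 3, 1.0)

def assess(msg, base):
    """Return per-dimension scores plus a verdict so an analyst can see why."""
    parts = {
        "temporal": temporal_score(msg, base),
        "behaviour": behaviour_score(msg, base),
        "linguistic": linguistic_score(msg),
    }
    total = 0.3 * parts["temporal"] + 0.4 * parts["behaviour"] + 0.3 * parts["linguistic"]
    verdict = "quarantine" if total >= 0.6 else "flag" if total >= 0.3 else "deliver"
    return {**parts, "total": round(total, 3), "verdict": verdict}

# Constructed baseline and messages (example.com / .test are reserved names).
BASELINE = SenderBaseline([9, 10, 11, 14, 15, 16], {"example.com"})
ROUTINE = Message("alice@example.com", "alice@example.com", 10,
                  "Attached is the Q3 report we discussed.")
ODD_HOUR = Message("alice@example.com", "alice@example.com", 22,
                   "This is urgent, please look when you can.")
SPOOFED = Message("alice@example.com", "alice@examp1e-mail.test", 3,
                  "Urgent: wire the payment immediately and keep this confidential.")

if __name__ == "__main__":
    for m in (ROUTINE, ODD_HOUR, SPOOFED):
        print(assess(m, BASELINE))
```

No single dimension decides the outcome: the odd-hour message is only flagged, while the message that is anomalous on all three dimensions is quarantined.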

Zero-Trust Implementation

Defending against AI-powered social engineering attacks is seeing a significant shift—hope, even—toward the zero-trust architectural model. The very basics of zero trust work like this: In the old world, we had a perimeter; in the new world, there is no perimeter, and every digital interaction must be validated (or, as some might say, "trusted"). However, while the zero-trust model does hold promise, it does seem to have a problem this chapter will outline—and that problem is with a trust evaluation function that is bivalent (i.e., it returns either 0 or 1).

Today's zero-trust systems use modern dynamic risk-scoring algorithms to assess the risk of allowing a user access to a resource. These algorithms take into account multiple contextual factors, such as user behavior, device health, and network conditions, that are known about the user and the request being made. Whereas simple IAM systems use conditional factors (which can be known, suspected, or inferred about a user) to evaluate whether a user should be given a token, these advanced IAM systems use algorithms calibrated to make the best guess based on the known conditions, and thus represent a paradigm shift in the way access decisions are made.
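The contrast between a bivalent trust function and dynamic risk scoring, covering both of the preceding paragraphs, can be shown side by side. This is an added example, not taken from any vendor or framework; the signal names, weights and thresholds are assumptions, and the three request contexts are constructed.

```python
from dataclasses import dataclass

@dataclass
class AccessContext:
    mfa_passed: bool
    device_compliant: bool       # device health: patched, encrypted, managed
    known_network: bool          # network conditions: previously seen network
    behaviour_anomaly: float     # 0.0 typical .. 1.0 highly unusual for this user
    resource_sensitivity: float  # 0.0 public .. 1.0 most sensitive

def bivalent_trust(ctx):
    """Returns 0 or 1 from credential verification alone; context is ignored."""
    return 1 if ctx.mfa_passed else 0

def risk_score(ctx):
    """Continuous risk in [0, 1] built from the contextual factors (assumed weights)."""
    score = 0.0
    score += 0.0 if ctx.mfa_passed else 0.40
    score += 0.0 if ctx.device_compliant else 0.25
    score += 0.0 if ctx.known_network else 0.10
    score += 0.25 * ctx.behaviour_anomaly
    return round(min(score, 1.0), 3)

def decide(ctx):
    """Graded outcome; tolerated risk shrinks as the resource gets more sensitive."""
    risk = risk_score(ctx)
    allow_below = 0.40 - 0.30 * ctx.resource_sensitivity
    deny_above = 0.70 - 0.30 * ctx.resource_sensitivity
    if risk >= deny_above:
        return "deny"
    if risk >= allow_below:
        return "step_up"   # e.g. require re-authentication or approval
    return "allow"

# Constructed contexts. TRICKED models a user who was socially engineered into
# completing MFA for a session on an unmanaged device from an unfamiliar network.
NORMAL = AccessContext(True, True, True, 0.1, 0.9)
TRAVEL = AccessContext(True, True, False, 0.8, 0.5)
TRICKED = AccessContext(True, False, False, 0.8, 0.9)

if __name__ == "__main__":
    for name, ctx in (("normal", NORMAL), ("travel", TRAVEL), ("tricked", TRICKED)):
        print(name, bivalent_trust(ctx), risk_score(ctx), decide(ctx))
```

All three requests receive 1 from the bivalent function because MFA succeeded, while the graded evaluation separates them into allow, step-up and deny.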

ZTA implementation encompasses state-of-the-art encryption of data moving in transit and at rest, coupled with an automatic key management system that rotates credentials as part of a risk assessment program. At the same time, organizations have built ZTA around a SASE framework, clear on the fact that this is a network security function. If nothing else, SASE tells us where to put the trust. If we can trust what’s behind SASE, we can trust the architecture to complete an end-to-end transaction securely. Trust has become an ambiguous term, but we can use it more effectively once we know what not to use it for.

Works Cited

[1] Tsukerman, Daniel. "How Artificial Intelligence Is Changing Social Engineering." Infosec Institute, 2019, www.infosecinstitute.com/resources/machine-learning-and-ai/how-artificial-intelligence-is-changing-social-engineering/.

[2] SecureWorld. "Impact of AI on Social Engineering Attacks." SecureWorld, www.secureworld.io/industry-news/impact-ai-social-engineering-attacks. Accessed 22 Nov. 2024.

[3] VerSprite. "The Intersection of Artificial Intelligence and Social Engineering: Next-Generation Threats." VerSprite, www.versprite.com/blog/the-intersection-of-artificial-intelligence-and-social-engineering-next-generation-threats/. Accessed 22 Nov. 2024.

[4] Enterprise IT World. "Beyond Phishing: How AI Is Amplifying Social Engineering Attacks." Enterprise IT World, www.enterpriseitworld.com/beyond-phishing-how-ai-is-amplifying-social-engineering-attacks/. Accessed 22 Nov. 2024.

[5] Red Edge Security. "The Future of Social Engineering: Emerging Trends and Threats." Red Edge Security, www.rededgesecurity.com/the-future-of-social-engineering-emerging-trends-and-threats/. Accessed 22 Nov. 2024.

[6] Lakera AI. "Social Engineering." Lakera AI, www.lakera.ai/blog/social-engineering. Accessed 22 Nov. 2024.

[7] World Economic Forum. "AI Agents in Cybersecurity: The Augmented Risks We All Need to Know About." World Economic Forum, 2024, www.weforum.org/stories/2024/10/ai-agents-in-cybersecurity-the-augmented-risks-we-all-need-to-know-about/.

[8] PrivacyEnd. "The Psychology Behind Cyber Attacks Leading Data Breaches." PrivacyEnd, www.privacyend.com/psychology-behind-cyber-attacks-leading-data-breaches/. Accessed 22 Nov. 2024.

[9] CrowdStrike. "Global Threat Report: Adversary Abuse of Generative AI." CrowdStrike, 2023, www.crowdstrike.com/global-threat-report/.

Stay Safe, Stay Secure.

The CybersecurityHQ Team