Phishing attacks, especially in the age of ransomware, have become the scourge of IT. Each year, cybercriminals are employing various levels of automation to now launch millions of phishing attacks.
IBM today unveiled a cognitive engine that employs machine learning algorithms to identify fake Web pages linked to phishing attacks 250 times faster than a security professional can do on their own. Once identified, that information is then fed into the IBM Trusteer fraud prevention suite of software that can be used to block end users from ever visiting those pages.
Limor Kessem, executive security advisor for IBM Security, says it’s critical to identify Web pages that are being used to trick end users into giving up their passwords as soon as possible. A full 70 percent of credentials are stolen in first hour of a phishing attack. Within four hours into that that number rises to 80 percent. Trying to identify all those Web pages in the first few hours of attack is not possible without some help in the form of machine learning algorithms, says Kessem.
“There are just too many Web pages that need to be identified,” says Kessem.
Kessem says one of the best parts about machine learning algorithms, however, may be the simple fact that they continue to learn. Once a type of Web page has been identified as a source of a phishing attack, machine learning algorithms will remember that forever. In contrast, each human being brought in to identify a phishing attacks needs to learn how to identify the same markers over again.
Of course, this isn’t the first instance of IBM taking advantage of a form of artificial intelligence to improve security. Last week, IBM announced it is using machine learning algorithms enabled by the IBM Watson platform to more efficiently deliver security patches to endpoints, while at the same time demonstrating a prototype of an IBM Havyn project at the IBM InterConnect 2017 conference that makes use of Watson to create a chatbot through which administrators can verbally query Watson on how best to resolve a security issue.
Phishing attacks have now been with us for well over two decades. But it’s only more recently that they have proven to be the most efficient means of launching a ransomware attack that makes use of encryption to hold data hostage until a payment is made to gain access to the key needed to decrypt those files. While there may be no cure to prevent those types of attacks from being launched, the good news is that machine learning algorithms can play a part in limiting the amount of damage one of those attacks might potentially inflict.