Darktrace - Generative AI Changes Everything You Know About Email Cyber Attacks

Darktrace - Generative AI Changes Everything You Know About Email Cyber Attacks

In new data published today, Darktrace reveals that email security solutions, including native, cloud, and ‘static AI’ tools, take an average of thirteen days from an attack being launched on a victim to that attack being detected, leaving defenders vulnerable for almost two weeks if they rely solely on these tools.

In March 2023, Darktrace commissioned a global survey with Census-wide to 6,711 employees across the UK, United States, France, Germany, Australia and The Netherlands to gather third-party insights into human behavior around email, to better understand how employees globally react to potential security threats, their understanding of email security and the modern technologies that are being used as a tool to transform the threats against them.

Key findings (globally and U.S.) indicate:

  1. Eighty-two percent of global employees are concerned that hackers can use generative AI to create scam emails that are indistinguishable from genuine communication.
  2. The top three characteristics of communication that make employees think an email is a phishing attack are: being invited to click a link or open an attachment (68%), unknown sender or unexpected content (61%), and poor use of spelling and grammar (61%)
  3. Nearly 1 in 3 (30%) of global employees have fallen for a fraudulent email or text in the past
  4. Seventy percent of global employees have noticed an increase in the frequency of scam emails and texts in the last 6 months
  5. Eighty-seven percent of global employees are concerned about the amount of personal information available about them online that could be used in phishing and other email frauds
  6. Over a third of people have tried ChatGPT or other Gen AI chatbots (35%)

The Email Threat Landscape Today
Darktrace researchers observed a 135% increase in ‘novel social engineering attacks’ across thousands of active Darktrace/Email customers from January to February 2023, corresponding with the widespread adoption of ChatGPT. These novel social engineering attacks use sophisticated linguistic techniques, including increased text volume, punctuation, and sentence length with no links or attachments. The trend suggests that generative AI, such as ChatGPT, is providing an avenue for threat actors to craft sophisticated and targeted attacks at speed and scale.

In addition, threat actors are rapidly exploiting the news cycle to profit from employee fear, urgency, or excitement. The latest iteration of this is the collapse of Silicon Valley Bank (SVB) and the resulting banking crisis, which has presented an opportunity for attackers to spoof overly sensitive communication, for example seeking to intercept legitimate communication instructing recipients to update bank details for payroll. Seventy-three percent of employees working in financial services organizations have noticed an increase in the frequency of scam emails and texts in the last six months.

Innocent human error and insider threats remain an issue. Many of us (nearly 2 in 5) have sent an important email to the wrong recipient with a similar looking alias by mistake or due to autocomplete. This rises to over half (51%) in the financial services industry and 41% in the legal industry, adding another layer of security risk that is not malicious. A self-learning system can spot this error before the sensitive information is incorrectly shared

What Does the Arms Race for Generative AI Mean for Email Security?

Your CEO emails you to ask for information. It is written in the exact language and tone of voice that they typically use. They even reference a personal anecdote or joke. Darktrace’s research shows that 61% of people look out for poor use of spelling and/or grammar as a sign that an email is fraudulent, but this email contains no mistakes. The spelling and grammar are perfect, it has personal information, and it is utterly convincing. But your CEO did not write it. It was crafted by generative AI, using basic information that a cyber-criminal pulled from social media profiles.

The emergence of ChatGPT has catapulted AI into the mainstream consciousness - 35% of people have already tried ChatGPT or other Gen AI chatbots for themselves – and with it, real concerns have emerged about its implications for cyber defense. Eighty-two percent of global employees are concerned that hackers can use generative AI to create scam emails indistinguishable from genuine communications.

Emails from CEOs or other senior business leaders are the third highest type of email that employees are most likely to engage with, with over a quarter of respondents (26%) agreeing. Defenders are up against Generative AI attacks that are linguistically complex and entirely novel scams that use techniques and reference topics that we have never seen before. In a world of increasing AI-powered attacks, we can no longer put the onus on humans to determine the veracity of communications. This is now a job for artificial intelligence.

By understanding what is normal, it can determine what does not belong in a particular individual’s inbox. Email security systems get this wrong too often, with 79% of respondents saying that their company’s spam/security filters incorrectly stop important legitimate emails from getting to their inbox.

With a deep understanding of the organization, and how the individuals within it interact with their inbox, the AI can determine for every email whether it is suspicious and should be actioned or if it is legitimate and should remain untouched.

This approach can stop threats like:

  1. Phishing
  2. CEO Fraud
  3. Business Email Compromise (BEC)
  4. Invoice Fraud
  5. Phishing scams
  6. Data Theft
  7. Social Engineering
  8. Ransomware & Malware
  9. Supply Chain Attack:
  10. URL-based spear-phishing
  11. Account Takeover
  12. Human Error
  13. Ransomware & Malware
  14. Microsoft
  15. Insider Threat

Self-learning AI in email, unlike all other email security tools, is not trained on what ‘bad’ looks like but instead learns you and the normal patterns of life for each unique organization.

Social engineering – specifically malicious cyber campaigns delivered via email - remain the primary source of an organization’s vulnerability to attack. Popularized in the 1990s, email security has challenged cyber defenders for almost three decades. The aim is to lure victims into divulging confidential information through communication that exploits trust, blackmails or promises reward so that threat actors can get to the heart of critical systems.

Social engineering is a profitable business for hackers – according to estimates, around 3.4 billion phishing e-mails get delivered every day.

As organizations continue to rely on email as their primary collaboration and communication tool, email security tools that rely on knowledge of past threats are failing to future-proof organizations and their people against evolving email threats.

Widespread accessibility to generative AI tools, like ChatGPT, as well as the increasing sophistication of nation-state actors, means that email scams are more convincing than ever.

Humans can no longer rely on their intuition to stop hackers in their tracks; it is time to arm organizations with an AI that knows them better than attackers do.


  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity


New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3