AI technologies are becoming widely integrated into phishing toolkits sold on the dark web, enabling even unskilled attackers to launch highly sophisticated attacks. These kits, often including tools like deepfake generation, make phishing campaigns harder to detect and cheaper to execute. This trend, driven by generative AI, has led to an increase in phishing incidents, forcing cybersecurity professionals to adapt by incorporating AI-driven defences to counter the growing threat.

Keys to understand:

• Phishing Toolkits with AI: Around 74.8% of phishing kits now include AI features, while 82% mention deepfake technology, allowing less skilled attackers to perform advanced phishing.
• Generative AI Impact: AI-driven phishing is escalating, making detection harder as traditional signs like spelling errors or awkward grammar are eliminated.
• Commoditization of AI: Phishing-as-a-service toolkits are sold cheaply on the dark web, allowing easy access to advanced cyberattack tools.
• Surge in Phishing Attacks: A 28% increase in phishing emails in the first half of the year highlights the growing scale of the threat.
• AI for Cybersecurity: Security experts advocate for the use of AI by defenders to match the AI capabilities used by attackers, emphasising AI’s role in enhancing threat detection and reducing response times.

Important Action to Take:

Organisations and managed security service providers (MSSPs) must adopt AI-based defence mechanisms to counter the growing threat posed by AI-powered phishing kits. These tools help in real-time phishing detection, improve response times, and enable more proactive security strategies.

With phishing kits leveraging AI becoming more common, organisations must integrate AI into their defences to stay ahead of attackers. To improve security resilience, organisations should:

• Adopt AI-powered threat detection systems.
• Increase investments in AI-driven email security.
• Enhance staff training to recognize sophisticated phishing attempts.
• Continuously monitor for deepfakes and other AI-generated content.
• Collaborate with cybersecurity vendors and MSSPs to implement advanced AI-based solutions.

Source and further reading.

Burt, J. (2024, October 8). AI now a staple in phishing kits sold to hackers. MSSP Alert. https://www.msspalert.com/analysis/ai-now-a-staple-in-phishing-kits-sold-to-hackers