Spear-phishing attacks present a significant security challenge, with large language models (LLMs) escalating the threat by generating convincing emails and facilitating target reconnaissance. To address this, we propose a detection approach based on a novel document vectorization method that utilizes an ensemble of LLMs to create representation vectors. By prompting LLMs to reason and respond to human-crafted questions, we quantify the presence of common persuasion principles in the email's content, producing prompted contextual document vectors for a downstream supervised machine learning model. We evaluate our method using a unique dataset generated by a proprietary system that automates target reconnaissance and spear-phishing email creation. Our method achieves a 91% F1 score in identifying LLM-generated spear-phishing emails, with the training set comprising only traditional phishing and benign emails. Key contributions include an innovative document vectorization method utilizing LLM reasoning, a publicly available dataset of high-quality spear-phishing emails, and the demonstrated effectiveness of our method in detecting such emails. This methodology can be utilized for various document classification tasks, particularly in adversarial problem domains.

Spear phishing is a social engineering technique targeted towards a targeted individual to divulge confidential information. But creating highly targeted mass spear-phishing emails could take a lot of effort and time. In a recent test conducted by a team of researchers, it was found that they could use Natural Language Processing (NLP) to devise targeted phishing emails. At the end of the research, the team revealed that AI/ML could be used to develop spear-phishing campaigns at a devastating scale. In the recently held Black Hat Defcon security conference in Las Vegas, a team of researchers hailing from the Singapore Government Technology Agency presented the results of their AI/ML generated phishing email test.

It has now been over three decades since the Morris Worm infected an estimated 10% of the 60,000 computers that were online in 1988. It was the personal malware project of a Harvard graduate named Robert Tappan Morris, and is now widely deemed to be the world's first cyber-attack. Fast forward to today, and cyber attacks now stand among natural disasters and climate change in the World Economic Forum's annual list of global society's gravest threats. As businesses, schools, hospitals, and pretty much every other thread in the fabric of society have embraced the internet, cyber crime has transformed from an academic research project into a global marketplace of professional hacking services, and on the geopolitical stage, governments have turned to hyper-advanced cyber attack tools as a means of causing physical damage and disruption to their adversaries' critical infrastructure. The National Cyber Security Centre (NCSC) has detected a rise in cyber attacks targeting academic institutions, including schools and universities.

WASHINGTON - U.S. military cyberforces launched a strike against Iranian military computer systems on Thursday as President Donald Trump backed away from plans for a more conventional military strike in response to Iran's downing of a U.S. surveillance drone, U.S. officials said Saturday. Two officials told The Associated Press that the strikes were conducted with approval from Trump. A third official confirmed the broad outlines of the strike. All spoke on condition of anonymity because they were not authorized to speak publicly about the operation. The cyberattacks -- a contingency plan developed over weeks amid escalating tensions -- disabled Iranian computer systems that controlled its rocket and missile launchers, the officials said.