AI-powered Cyber Attacks Cast Unprecedented Threats on IT Leadership
35% of IT leaders feel they are ill-equipped to defeat attack vectors related to AI-powered cyber attacks.
So, the year 2024 will be remembered for the massive growth in the number of AI-powered Cyber Attacks targeting global organizations.
If you thought a strong password is the answer to advanced cyber attacks, then you are wrong. Hackers can try 2.18 million password combinations— oops, sorry, 2.18 b******, oops sorry again….
Argh, let me try this again.
Hackers can try 2.18 trillion password combinations in less than 30 seconds to inflict a brute force attack on your organization.
A recent analysis of emerging use cases in the IT security and networking industry show AI is used by both attackers as well as targeted organizations to meet their agenda. It’s a game of cat-and-mouse as far as who outwits the other with AI. According to a latest research, 95% of IT leaders believe they are facing advanced cyber attacks through vector that use sophisticated AI tools to break into their systems. Today, the stakes for IT and security leaders are higher in 2024 than ever before, and so, the fundamental approach to building a secured organization invariably begins with AI-controlled password management, identity authentication, end-point security, and Privileged Access Management (PAM) solutions. Every organization requires a single-view solution with a layered security approach to withstand common and new sophisticated cyberattacks.
Zero Trust cybersecurity software provider Keeper Security announced a new report title, “Information Security and Compliance Future Trends 2024” for IT leaders, enabling them with the knowledge of sophisticated AI-powered cyber attacks, importance of PAM solutions, and how to mitigate risks from devastating insider/outsider breaches. The report found novel AI-generated and AI-propagated threats loom large over the IT industry, even as organizations consider new investments to bolster their cybersecurity infrastructure. For instance, more than 90% of IT leaders surveyed during the research said attacks have increased in numbers (92%) as well as become more sophisticated (95%) in the last one year. With disparate IT solutions taking care of the different cybersecurity needs, IT leaders feel there is a serious lack of consolidation and integration, largely due to the sprawl and BYOD tactics within the digital workspace. Organizations can perform well against attacks if IT leaders can manage their existing stacks using simplified PAM solutions and tools.
AI ML News:
SolarWinds Unveils New AI Solution to Transform IT Service Management
Keeper Security’s next-generation, zero-trust KeeperPAM solution is designed for perimeter-less and multi-cloud environments without the prohibitive costs or deployments typically associated with traditional PAM solutions. It addresses the need to achieve visibility, security, reporting and control across an entire organization, for every user, on every device, from every location.
At the time of this announcement, Craig Lurey, CTO and Co-founder, Keeper Security said, “Zero trust has the potential to revolutionize the future of the cybersecurity industry, and Keeper is at the forefront of that revolution. We are committed to providing cutting-edge solutions that empower businesses of all sizes to navigate the ever-evolving digital landscape securely, connecting enterprises and consumers with the digital resources they need in the simplest and most secure way possible.”
From my side, here are the key takeaways from the Keeper Security report on AI-powered cyber attacks.
#1 Cybersecurity is the number one priority for leaders
92% of IT and security leaders have spelled their number one priority for 2024– Cybersecurity. Nearly two-thirds of IT professionals had to bear monetary losses due to a cyber attack on their organization. Other disruptions followed as time lapsed.
As threats continue to evolve in terms of sophistication, impact and numbers, IT and security leaders should align their efforts accordingly. They should focus on zero trust strategies to stay on top of new regulations, advancements in technologies, and AIOps. Losing focus today means loss of revenue, tarnished reputation, customer-partner attrition, and total business disruption.
SlashNext recent cybersecurity threats report revealed a 1,265% increase in p******* emails since the launch of ChatGPT, signaling a new era of cybercrime fueled by generative AI.
Joshua Aaron, CEO, Aiden Technologies said, “The recent vulnerability in GitHub Enterprise Server underscores the critical importance of timely software patch management. This incident serves as a stark reminder that unauthorized access risks can only be mitigated through rigorous and proactive patching. We emphasize the necessity of continuous vulnerability monitoring and adherence to regulatory standards. Effective patch management isn’t just about preventing breaches — it’s ultimately about safeguarding systems containing sensitive data and maintaining trust. IT leaders must find proactive solutions that elevate their patch management strategies, keeping pace with emerging threats and regulatory demands. By prioritizing updates and implementing robust security measures, businesses can significantly reduce the risk of data breaches and enhance their overall cybersecurity posture.”
#2 Every part of the organization is on the “target”
According to KnowBe4’s research, HR and IT-related emails are camouflaged as vectors for p******* scams by ransomware gangs. On similar lines, Keeper Security’s report named these parts that have faced attacks.
- IT services (58%)
- FinOps (39%)
- Supply chain management (29%)
- Data analytics and reporting (28%)
- R&D (28%)
In fact, another report found Generative AI bots are tricked into divulging sensitive information at various levels of security management. The GenAI bots are susceptible to human manipulation and prompt injections.
Read More: QR Code-Based Attacks Are Growing in Popularity; Now Comprise 11% of All Malicious Emails
#3 Which cyber attacks scare IT leaders the most in 2024?
P******* emails continue to be one of the most common methods for executing cyberattacks on organizations worldwide, as per KnowBe4. When attackers use AI-powered cyber attacks to unleash their wrath, the impact magnifies manifold. So, IT professionals consider AI-powered cyber attacks as the most serious emerging types of attacks. Other types include:
- Deep fake technology
- Supply chain attacks
- Cloud jumping
- IoT attacks
- 5G network exploits
- Fileless attacks
Combined with the AI spears that are penetrating into existing IT security frameworks, IT leaders’ lack of preparedness itself leads to wider damage to the organization. 35% of IT leaders feel they are ill-equipped to defeat attack vectors related to AI-powered cyber attacks. The antidote against these ever-evolving AI-powered cyber attacks is a known entity: AI, itself.
Patrick Harr, CEO, SlashNext said, “Humans have been, and will continue to be, the weakest point in any organization’s security. There is a reason threat actors continue to iterate on tactics like p******* that have been around for decades – they are highly effective.”
He added, “Threat actors are using gen AI to customize messages for their victims, write more convincing messages, and dramatically accelerate the speed and volume of these attacks with little to no added cost.”
#4 Weaponizing AI solutions to prevent cyber attacks
The idea of using AI to fight cyber attackers is gaining traction globally. 51% of IT leaders plan to increase their AI application for data encryption; for employee training and awareness (45%), and for installing advanced threat detection systems (41%).
50% of IT leaders in North America plan to use threat detection systems and data encryption solutions against AI-powered cyber attacks. These tactics could be useful to combat current and emerging threats arising from vectors related to p*******, malware, ransomware, password attacks, and DoS attacks.
#5 Steal p********, get rich!
Did you know, if cybercrime was a nation-state on the planet, it would be the third-largest in terms of GDP. Password hacking for p******* and other cyber crimes is a goldmine of sorts for attackers. By virtue of their revenue generation from cybercrimes, AI investments to run their machinery seems like a cakewalk. In most cases, cyber attackers are funded for their AI investments way better than what their targets and victims could plan and think of.
Password attacks are the most common cyber attacks in North America. Most breaches occur due to weak p******** or credentials, and password sharing with others. These are easily stolen to gain access into the systems and for social engineering. AI-powered cyber attack gangs use sophisticated password crackers and engineering capabilities to scrap through database. Most actions lead to installing memory-scraping malware, shoulder surfing, third-party breaches, and so on.
Patrick concluded, “In addition to CAPTCHA-based attacks, QR code-based attacks are growing in popularity and now comprise 11% of all malicious emails – often embedded in legitimate infrastructures. The onus should not be on users to identify and avoid sophisticated attacks, especially when the research proves that relying on training and traditional cybersecurity tools is ineffective against modern attack tactics. It’s time to fight AI with AI and implement AI-powered email and messaging security tools that keep malicious messages out of users’ inboxes altogether.”
Conclusion:
AI-powered cyber attacks would continue to give sleepless nights to IT leaders and security professionals. P******** are only low-hanging fruits. With advancing AI tools, attacking gangs could stall an entire economy by converting unauthorized applications and licenses into self-propagating vectors. Password management and PAM solutions could prevent common attacks. However, it would require more than just having access to best security solutions. Organizations should adopt a strong line of defense to promote security as a culture — which requires adequate training on tools management, zero trust policies, and cybersecurity resilience.
Comments are closed.