No prizes for guessing: the four trends involve AI-enhanced attack planning, phishing, email campaigns and vulnerability exploits
With increased digitalization, organizations' attack surfaces are expanding, and cyber threat actors are adapting their strategies to exploit new avenues of vulnerability, especially given the inroads made by generative AI solutions.
According to one cybersecurity firm's research, the four avenues through which cybercriminals are sharpening their attack strategies are: using online ads as an attack vector; using AI for maximum attack reach and productivity; exploiting AI-enhanced email phishing campaigns; and exploiting organizations' lags in security patching.
None of the four avenues is new, but the approaches are becoming more versatile and less susceptible to language barriers and common detection methods:
- Online ads as an attack vector: Threat actors have been using search engine ads as phishing distribution vectors to lure unsuspecting victims to malicious websites impersonating large financial institutions in the United States, United Kingdom, and Eastern Europe.
- AI makes cybercriminals more productive, adaptable: While AI does not fundamentally change the way threat actors carry out attacks, security teams should be aware of how their adversaries are using it to streamline their workflow and make brand abuse easier.
- Exploiting email technology: Many organizations are not enabling all key components that secure the authenticity and integrity of email messages, which could leave them susceptible to email-based threats.
- Can any organization patch up fast enough? Attackers have been exploiting new vulnerabilities faster, prompting a high-stakes race between threat actors and defenders after a public vulnerability disclosure.
According to Ron Feler, Global Head of Threat Intelligence at BlueVoyant, the firm that released the research based on its user ecosystem data: “The biggest cybersecurity risk from the increasing use of AI tools is an escalated volume of attacks. While the essentials of the attacks don’t change, the increased number and diversity of attacks make defenders’ jobs more challenging.”
The firm recommends the usual best practices, including timely patching, implementing Sender Policy Framework (SPF), DKIM and DMARC for email security, and building a comprehensive defense regime that covers supply chains, customers, employees and staff.