blog

Phishing and Ransomware Armageddon!

Generative artificial intelligence allows anyone to launch sophisticated phishing attacks that only next-generation MFA tools can stop.

The least surprising development for 2023 is that ransomware has once again broken records for the number of incidents and the damage caused. Each week saw new headlines featuring a who’s who of big-name organisations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars Palace and many others can’t stop the attacks, how can a smaller organization?

Ransomware and phishing, hand in hand

Ransomware attacks, the cyber threat that comes from phishing, are bigger and more dangerous than anything else. CISA and Cisco report that 90 per cent of data breaches are the result of a phishing attack, with total monetary losses exceeding $10 billion. The Splunk report found that 96 percent of companies have been victims of at least one phishing attack in the past 12 months, and 83 percent have suffered two or more.

Anyone who works in the cybersecurity segment has seen incredible advances in protection over the past 20 years. The only thing that hasn’t improved is the people. Users in every organization are not much more advanced at stopping cyber attacks than they were two decades ago. That’s why phishing is so effective for cybercriminals – because it exploits human weaknesses, not technology. That leaves traditional MFA as the most critical defense mechanism, and guess what, most companies are using legacy MFA technology that is also 20 years old.

Here’s why things are about to get much worse. With the rise of Generative Artificial Intelligence (GenAI), cybercriminals are able to take phishing to a whole new level, where it can become almost impossible for users to be identified in any attack, and attackers will now be able to do so with little effort.

What has GenAI to do with phishing?

Generative artificial intelligence allows anyone to launch sophisticated phishing attacks that only next-generation MFA tools can stop.

The least surprising development for 2023 is that ransomware has once again broken records for the number of incidents and the damage caused. Each week saw new headlines featuring a who’s who of big-name organisations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars Palace and many others can’t stop the attacks, how can a smaller organization?

Ransomware and phishing, hand in hand

Ransomware attacks, the cyber threat that comes from phishing, are bigger and more dangerous than anything else. CISA and Cisco report that 90 per cent of data breaches are the result of a phishing attack, with total monetary losses exceeding $10 billion. The Splunk report found that 96 percent of companies have been victims of at least one phishing attack in the past 12 months, and 83 percent have suffered two or more.

Anyone who works in the cybersecurity segment has seen incredible advances in protection over the past 20 years. The only thing that hasn’t improved is the people. Users in every organization are not much more advanced at stopping cyber attacks than they were two decades ago. That’s why phishing is so effective for cybercriminals – because it exploits human weaknesses, not technology. That leaves traditional MFA as the most critical defense mechanism, and guess what, most companies are using legacy MFA technology that is also 20 years old.

Here’s why things are about to get much worse. With the rise of Generative Artificial Intelligence (GenAI), cybercriminals are able to take phishing to a whole new level, where it can become almost impossible for users to be identified in any attack, and attackers will now be able to do so with little effort.

Next-Gen MFA: Disrupting the phishing attack surface

Next-generation MFA replaces traditional credentials, password-based authentication and the inconvenient and vulnerable old MFA solutions. The next-generation MFA paradigm relies on a physical, wearable, FIDO2-compliant device that eliminates the human element in phishing – making it virtually phishing-proof. These cutting-edge biometric wearable devices also protect organizations against BYOD vulnerabilities, lost and stolen credentials, weak passwords, credential stuffing, MFA fatigue and easily stolen SMS one-time passwords. Unlike traditional MFA, attackers simply cannot bypass next-generation MFA through malware, MFA fatigue, adversary-in-the-middle (AiTM) attacks and other methods. Because the authenticator always stays with the user, wearable next-gen MFA tokens are always secure and immediately available for authentication. The device can only be used by the authorised user and no attacker can access the secrets, keys and biometric data stored on it.

GenAI is driving an impending tsunami of phishing attacks that will effectively nullify traditional phishing defenses and render traditional MFA obsolete. Wearable, next-generation MFA devices, such as the Token Ring, will stop the most sophisticated phishing attacks and can be a good defense against the coming phishing armageddon.

Depending on user awareness, people may be able to detect, act, report and stop these attacks. However, this requires the right knowledge and awareness.


Source: There is a Ransomware Armageddon Coming for Us All (thehackernews.com)

Author:
Kóka Vajk Csanád
Let’s talk

Ask our experts!

Consultancy

FORTIX Consulting Ltd.
Address: 1114 Budapest, Magyari István Street 2.

Office: 1061 Budapest, Liszt Ferenc square 2. 4th floor 1st door
hello@fortix.hu

Dr. Norbert Simon
+36 30 255 7866
norbert.simon@fortix.hu

Newsletter
Keep in touch! Up-to-date industry news, exciting articles, weekly.
Az év Családbarát vállalata 2023Opten A MinősítésAz év Családbarát vállalata 2023Innovatív márka 2023
Fortix facebookFortix LinkedinFortix youtube
Copyright © FORTIX Consulting Ltd.