Remaining robust and resilient against cyber threats

By Niall McConachie, regional director (UK & Ireland) at Yubico.

  • 1 month ago Posted in

The past few months have been challenging for information security as organisations continued looking for ways to stay ahead of hackers. Overall, phishing attacks increased in frequency and complexity, in part likely driven by a major trend: artificial intelligence (AI) phishing attacks. Phishing remains the most prevalent attack method amongst bad actors, mainly due to its relatively low cost and high success rate. The significant implementation of AI in the coming years only furthers this problem.  

Across the board, businesses, governments and consumers have been targeted via phishing attacks, with cyber criminals often seeking credentials and identity information, to subvert legacy multi-factor authentication (MFA).  

According to Yubico’s recent survey, 91 percent of employees still rely solely on a username and password to secure their accounts, which could be a contributing factor as to why phishing attacks are so prevalent. To stay as secure as possible, there must be a shift away from passwords and other weak forms of authentication, and a move towards modern, phishing-resistant MFA, such as hardware security keys. As cybersecurity threats continue, it is essential for businesses and consumers to implement strategies alongside phishing-resistant MFA to prevent these attacks.  

Prioritise implementing Zero Trust strategies 

Although businesses spend a lot of time and energy attempting to prevent breaches, cybercrime is somewhat inevitable. When attacks take place, the next line of defence should be to minimise the impact of the breach. When implemented holistically, Zero Trust Architectures (ZTA) create additional trust boundaries that limit the attacker’s ability to move laterally.  

The adoption of ZTAs has also driven attackers towards post-authentication attacks, forcing them to try and subvert preventative measures such as device registration. It is common for enterprises to require specialised registered devices for administrative access to the environment. Registration of one of these devices should be a rare event – so much so that it is appropriate to notify a broad set of operations personnel to the event to ensure it is authorised.  

This type of approach provides defenders with an opportunity to detect attacks early. In fact, quite a few high-profile attacks in the last few years have been detected this way. Well-crafted alerts around rare and sensitive events that are then reviewed by personnel should be prioritised throughout 2024 and beyond.  

Preparing for advanced AI-driven attacks 

While there are known benefits of generative AI, bad actors can use this technology to their advantage. For example, generative AI can assist with phishing attacks by writing customised emails on a massive scale or placing scam phone calls to thousands of people at once. By automating the time, skill, and labour-intensive parts of running phishing campaigns, generative AI can increase the number of attacks and lower the bar for less savvy cyber criminals to conduct phishing attacks.  

Phishing attacks usually focus on convincing the victim to provide personal information, but attacks can be mitigated by validating the request using an alternative communication path.  Although some forms of communication, such as a phone or video call, are generally thought to be trustworthy, it is important to understand that cyber criminals can use AI to mimic voices. Additionally,  if an individual receives an email from a family member asking for money to help them get out of a situation, the end receiver should call them using a recognised phone number to confirm the situation.  

Increasing misinformation around global events and election campaigns  

AI and deep fakes will have a major impact around the world, especially when it comes to spreading misinformation to influence global events and elections. 2024 is a major election year in many countries across the globe, including the UK. With this in mind, there will likely be a steady rise in attacks in an attempt to erode the public’s confidence in election systems and to undermine democracy. The challenge will be mitigating the threat of deep fakes to limit their impact. 

Common methods of consuming information and communication will need to adopt some of the ideas that have been incorporated into Zero Trust models. Video content sites may need a method for viewers to confirm the identity of individuals appearing in videos to combat concerns of deep fakes – and the same should be true for email content.  

Individuals and organisations should always double check their sources and be sceptical of content that is too good to be true or feels off. To have any meaningful impact on disinformation, governments around the world need to continue prioritising cybersecurity and partnering on cybersecurity posture. As passkeys become ubiquitous and the adoption of electronic identities becomes more common, there will be basic building blocks required to increase the trust in content and communication systems, using well-understood and battle-hardened approaches.  

Adapting to the expected rise of post-authentication threats 

The last few years have seen an increase in the adoption of MFA, meaning attackers have needed to adapt and broaden their tactics around these new defences. Additionally, there has been a return to social engineering attacks that entice victims into downloading and installing software, as well as a resurgence of fake, but convincing, web pop-ups that lead victims to believe their device is infected. This eventually turns into a common call centre-based technical support scam.   

Although not new, there has been an increased focus on stealing browser tokens that allow an attacker to impersonate the victim. These tokens or identifiers are set after successful authentication and are used to uniquely identify the authenticated user as part of their web session. In some cases, these tokens are traded and sold and can sometimes support larger ransomware or extortion campaigns. The prevalence of token-based theft is leading to more research into token binding, a technical solution that ties the token to a specific device. This allows defenders to detect when the tokens are stolen and then used on a different device or in a different geographic location.  

Looking ahead  

In light of increasing cybersecurity threats in 2024, companies should prioritise advanced cybersecurity methods and educate the workforce on the need for better cybersecurity practices. By doing so, they are better positioned for success when mitigating emerging cyber threats.  

Organisations must consider implementing phishing-resistant solutions such as strong MFA that offers security and convenience. For example, FIDO2 security keys are proven to be the most effective phishing-resistant option for business-wide cybersecurity. By removing the reliance on passwords, MFA can be used for both personal and professional data security. 

Companies also need to be more proactive in changing attitudes surrounding cybersecurity, as employees at all levels can be the biggest strength or weakness in cybersecurity. Regular cyber training paired with robust passwordless security will equip employees to be effective cyber defenders. 

There are many opportunities to become more cyber secure and stay ahead of evolving information security threats. In 2024 and beyond, attackers will certainly continue evolving and adapting to keep up with changing cybersecurity postures, so it is vital that businesses and consumers around the world do the same.  

By Richard Montbeyre, Chief Privacy Officer, BMC Software.
By Danny Kadyshevitch, Senior Product Lead, Detection and Response, Transmit Security.
By Andy Mills, VP of EMEA for Cequence Security.
By Muhammad Yahaya Patel, Security Engineer at Check Point Software.
By David Higgins, Senior Director, Field Technology Office at CyberArk.
By Scott Walker, CSIRT Manager, Orange Cyberdefense.
By Erik Scoralick, Senior Manager, Sales Engineering at Forcepoint.
By Frank Baalbergen, Chief Information Security Officer, Mendix.