
Cyber-attacks are already the most significant operational and financial threat to almost every type of business. Surveys of CISOs show that persistent phishing attacks, identity protection, social engineering, and subsequent data breaches and ransomware attacks are top concerns.

These concerns are well founded. Each new day brings fresh headlines of another major breach or successful ransomware attack. The Cybersecurity and Infrastructure Security Agency (CISA), an agency of DHS, reports that 90% of ransomware attacks begin with phishing. Last quarter saw the first individual ransomware losses exceed one billion dollars, and a leading news outlet reported nine new major breaches in a single week.

What is driving this epidemic and how bad will it get?

The answers are both simple and complex. The simple answer is that this next generation of cyber attacks is driven by the incredible power and innovation of generative AI, while the basic defense used by most organizations to stop the majority of cyber attacks is twenty-year-old multi-factor authentication (MFA).

We will look at each of them in detail below.

Digital transformation has been reshaping society for decades, and now the most profound changes are taking place thanks to generative AI. Along with the innumerable conveniences and benefits brought to us by technological advancements, there are also dangers and pitfalls. Most prominent among these are the identity attacks that generative AI and a new wave of cybercriminal tools will enable. The proliferation of a new generation of very powerful and user-friendly hacker tools will democratize cyber attacks by enabling almost anyone with Internet access to launch them. This stems from the rise of the gig economy, which creates an environment in which cybercrime can be carried out by untrained individuals.

The franchise model comes to cybercrime

Phishing and ransomware attacks were once the exclusive domain of highly skilled cybercriminals. With the power of generative AI and new cybercriminal tools, the ability to rapidly launch cyber attacks is now easily accessible to the public through Ransomware-as-a-Service (RaaS) and generative AI tools on the dark web. These advanced hacker tools remove the complexity and knowledge requirements of cyberattacks and enable almost anyone with a computer and Internet access to launch an attack.

The process begins with skilled developers creating ransomware, which they then offer to affiliates (would-be cybercriminals) for a fee or a share of the criminal profits. Cybercriminals have developed easy-to-use platforms where affiliates can register, select their preferred ransomware package, and manage their activities. They also provide user-friendly dashboards, tools for managing attacks, the ability to track payments, and extensive “customer support.” An affiliate may lack any advanced technical skills, including social engineering, phishing, or exploiting software vulnerabilities, and still immediately become a dangerous cybercriminal.

Affiliates often launch attacks with phishing emails that steal user login credentials. Next, they defeat the legacy MFA of the targeted organization. There are more than half a dozen proven and effective ways to bypass legacy MFA, including SIM-swapping, session hijacking, social engineering, MFA prompt bombing, and others. After gaining network access, the attacker exfiltrates sensitive data and/or encrypts the victim’s files, making them inaccessible. Ransom payments are managed through the RaaS platform. Affiliates and developers share in the ransom, often splitting the profits around 70% for affiliates and 30% for developers.

The Role of the Dark Web

The dark web has played a major role in the accessibility of these tools. Marketplaces on the dark web offer a variety of hacking tools and services, from simple phishing kits to sophisticated malware. These platforms work remarkably like legitimate e-commerce sites: you will find user reviews, ratings and customer support. The anonymity provided by the dark web creates a haven for cybercriminals to market their tools and services without fear of law enforcement, and the same goes for attackers.

The number of RaaS operators has grown exponentially, and competition among cybercriminals has driven down prices and increased profits for affiliates. As cyber attack tools are democratized and barriers to becoming a cybercriminal are removed, we will see a continued rise in ransomware incidents. We are on the leading edge of this and are just beginning to see the significant financial and operational toll it will take on individuals and organizations.

Cybercrime in the gig economy

The gig economy is characterized by short-term, flexible jobs facilitated by digital platforms. It has seen a significant increase in recent years: there are now more than 60 million American gig workers, and very few people do not use these services in some way. We have gig workers who shop for us in the morning, deliver food for us at lunch, and provide transportation for us in the evening.

The gig economy has created a large pool of individuals who can now turn to cybercrime out of necessity or curiosity. The accessibility of democratized hacker tools means that even those without formal training can engage in illegal cybercrime activities anonymously, on a part-time basis, from anywhere. Financial incentives and low odds of getting caught will drive large numbers of individuals to cybercrime. Cybercrime activities can be extremely lucrative, often paying far more than legitimate gig work.

Mitigation and defense strategies

Addressing the challenges posed by the democratization of cyber-attacks requires a multi-pronged approach that includes technical and educational initiatives.

Organizations must invest in advanced cyber security technologies to protect against the increasing volume and sophistication of attacks. This includes the deployment of next-generation firewalls, multi-factor authentication, intrusion detection and prevention systems, and endpoint protection solutions. Additionally, the use of artificial intelligence (AI) and machine learning (ML) can enhance threat detection and response capabilities.

90% of data breaches and ransomware attacks result from phishing and social engineering that steal user credentials and defeat legacy MFA. Not all MFA is created equal, and most MFA is twenty-year-old technology. There is an urgent need to implement phishing-resistant, next-generation MFA. Next-generation MFA eliminates all current methods that are being used to defeat legacy MFA.

Read exclusive insights from the latest Impact Leaders Survey: a renowned leadership advisory firm conducted research on senior security executives to gather their perspectives on MFA solutions and trends.

It’s simple – if cybercriminals are defeating your locks, get better locks.

Creating awareness and educating people about cybersecurity is also very important to reduce the threats posed by untrained hackers. This includes providing training on safe online practices and identifying the latest phishing and social engineering attacks.

Conclusion

The democratization of cyber attacks due to the availability of easy-to-use hacking tools and the rise of the gig economy presents significant challenges for cyber security. Untrained individuals are now capable of launching sophisticated attacks, increasing the volume and complexity of threats facing organizations. Addressing these challenges requires upgrading existing defense technologies, most importantly legacy MFA. By adopting these strategies, we can mitigate risks and protect against the ever-changing cyber threat landscape.

John Gunn – CEO and Next Generation MFA Evangelist

This article is a contributed piece by one of our valued contributors.