BlueVoyant has released its second “External Cyber Defence Trends” report (registration required), highlighting a range of new tactics used by cyber-criminals. Generative AI for phishing, online advertisements as an attack vector, and ever-faster exploitation of new vulnerabilities are among its findings.
Joel Molinoff, BlueVoyant’s global head of supply chain defence, said, “Organisations’ attack surfaces are ever expanding, and cyber threat actors are adapting their strategies to exploit new avenues of vulnerabilities.
“BlueVoyant undertook this research to shine a light on the attack vectors organisations need to be aware of and recommended actions to help prevent the latest threats.”
Key takeaways from the report
Unsurprisingly, the use of AI by cyber-criminals is all over this report. It not only makes it easier for them to generate attacks, but a minor tweak to the prompt they use is enough to create new ones. That means sustained cyber-attack campaigns can be run with little effort.
An example of an AI-generated attack campaign is an attack on a brand’s reputation. Gen-AI is used to create an initial story, which is then circulated online. Follow-up stories are then linked back to the first one, creating a depth of material that adds legitimacy to the malicious campaign.
The same can be seen in targeted phishing campaigns. Attacks can be tuned around a number of vectors to make them more effective. The use of Gen-AI pulls in additional material to help make the phishing attack more believable. Done manually, this would be time-consuming and would reduce the number of attacks that can be launched.
Another area that BlueVoyant has specifically called out is the use of online ads as an attack vector. It is not a new attack vector but is now on the rise. BlueVoyant is seeing more impersonation ads that are highly accurate due to AI.
Email and patching are still an issue
Email security has come back on everyone’s radar. It should never have gone away, but Google’s insistence on the use of DMARC has raised awareness. Additionally, poor email security lets through phishing emails that appear to come from a trusted source when they do not. This is not hard to deal with, but it requires more attention to detail by security teams.
Patch, patch and patch again. Vulnerabilities are being exploited faster and faster. There are Gen-AI tools being used on the dark web that create exploitation code quickly. This reduces the need for cyber-attackers to understand the exploit and write their own code. The result is that attacks are often circulating before people have started to patch.
However, there is a caveat to patching. Most organisations get overwhelmed by the size of the patching challenge they face. What they need to do is find a way to prioritise what needs to be patched and when. In doing so, they reduce the risks of any patching delay.
Enterprise Times: What does this mean?
That AI is such a big part of the attackers’ toolkit should come as no surprise. Many of the attacks it enables are not new. What it brings, however, is speed of response and the ability to generate new attacks with an authority that would otherwise take significant manual work.
At 14 pages, this is not a long report, but it does throw up some key work items that security teams need to consider.