The FBI and CISA issue joint guidance on emerging threats and ways to stop ransomware
Note: On August 29, the FBI and CISA released a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect themselves against ransomware. Last recommendation, АА24-242Аdescribes a new group of cybercriminals and its attack methods. It also outlines three important actions to take today to reduce cyber threats from ransomware – installing updates as soon as they are released, requiring phishing-resistant MFA (ie, no SMS text) and educating users.
The rise in the number of victims of ransomware attacks and data breaches has become so profound that the new challenge of cyber defense keeps pace with the number of new attacks and the disclosure of information from victims. This is the result of staggering advances in cybercriminal attack methods combined with the slow response of many organizations to adapt to new attack methods. As predicted, Generative AI has truly changed the game for cybercriminals attacking organizations and calls for urgent adjustments to cyber defense strategies.
With this remarkable transformation of threats, one thing that hasn’t changed is the inherent human limitations of ordinary users, which is why they are a preferred target for cybercriminals. No amount of training will ever equip the average user with the super-skills needed to detect advanced phishing campaigns or sophisticated deep fakes.
To understand the impact, Token decided to gather perspectives on this pressing topic from cybersecurity leaders in their own words. To achieve this goal, Token commissioned Datos Insights, a leading global data and consulting firm, to conduct this research study that uncovers the insights and perspectives of leading US CISOs and CMOs. Datos Insights ditched the overused multiple-choice questionnaire approach and conducted a qualitative 60-minute video interview to gain an in-depth look at CISO perspectives. In this article, we will review the valuable insights gained from the research.
CISOs agree that user vulnerabilities are the number one risk
Attack vectors are becoming more sophisticated with the adoption of AI capabilities, particularly generative AI, making it more difficult for CISOs and their teams to defend against them. Cybercriminals most often attack employees of large organizations using phishing attacks to gain access to the network. CISA reports that 90% of ransomware attacks are the result of phishing.
Increase your organization’s security with insights from industry leaders. Download “CISO views on multi-factor authentication“ report to learn how leading CISOs are navigating the changing identity and access management landscape, and learn how you can implement advanced MFA strategies to protect your workforce and strengthen your defenses against emerging threats.
Advanced phishing attacks remain the most effective tool in a hacker’s arsenal. These attacks have become more targeted and sophisticated with the use of Gen AI. The AI generation also allows phishing attacks to be launched targeting specific individuals within an organization at scale and with greater granularity, using real-world data about the organization and its employees to appear authentic. The telltale signs of phishing emails are quickly disappearing as these emails become more and more indistinguishable from legitimate messages. This will quickly negate the value of user training.
The above is further complicated by growth Deepfake technology how Gen AI gave birth to new forms of social engineering attacks. Cybercriminals are now using AI-generated voices and videos to impersonate executives and other trusted individuals. They are carried out through phone calls from trusted phone numbers spoofed by attackers and via Zoom conferencing where cybercriminals impersonate well-known and trusted colleagues. Attackers were able to convince employees to transfer funds, share credentials, and perform other actions that could compromise security. These attacks exploit employees’ internal trust in familiar voices and faces, making them exceptionally dangerous.
The tools to carry out these attacks are now available to billions on the dark web without the need for special skills. Phishing and ransomware attacks were once the exclusive domain of specialist cybercriminals, but with the advent of generative artificial intelligence and new cybercrime tools, these attacks have become available to anyone with access to the dark web, meaning anyone with a computing device. device and internet connection. Ransomware as a Service (RaaS) and AI-powered tools available on the dark web have simplified the process, eliminating the need for advanced skills. This shift allows individuals with minimal technical knowledge to launch sophisticated cyberattacks with just a computer and an Internet connection. The gig economy meets the next generation of cyberattacks.
New attacks require new defense strategies
Adopting a phishing-resistant MFA is critical and no longer a nice to have. As phishing attacks are a major cyber threat to businesses, legacy MFA is becoming increasingly inadequate as more victims are confirmed. Many legacy MFA solutions are decades old technology. The current report highlights the urgency of deploying next-generation phishing-resistant MFA solutions, especially in the face of AI-powered phishing attacks. CISOs must accelerate the transition to MFA solutions that are hardware-based, use biometrics, and are FIDO compliant. This significantly mitigates phishing and ransomware attacks and would have prevented the vast majority of today’s ransomware attacks, saving organizations billions of dollars in combined losses in the past year alone.
Next-generation MFA is best implemented in a targeted deployment for privileged users. The report highlights the importance of prioritizing the deployment of next-generation MFA for high-risk users in the enterprise, particularly sysadmins and executives. CISOs need to improve risk management for system administrators despite the availability of Privileged Access Management (PAM) solutions. “PAM solutions have functioned as the historical norm for CISOs managing sysadmin risk.” The rise in phishing and insider attacks requires CISOs to prioritize the deployment of MFA updates due to this critical business risk. The report found that executives at many companies lack robust security solutions that align with their business functions and business risk. Almost none of the CISOs surveyed had separate controls in place for their managers. This gap was unexpected and alarming due to the rise of phishing and other methods.
Conclusion
The methods used by cybercriminals are constantly evolving, but never more rapidly than in the last twelve months. We’ve outgrown our users’ capabilities to be our first line of cyber defense, and we haven’t given them any new tools beyond those that were developed years or decades ago. By staying abreast of the latest threats and implementing a multi-layered defense strategy that emphasizes upgrading to next-generation phishing-resistant MFA, organizations can protect their users’ identities and stop cybercriminals from gaining unauthorized access to data and confidential transactions. Protecting your users from new attacks requires vigilance, education, and the right tools. By prioritizing these areas, organizations can significantly reduce the risk of a successful cyber attack and maintain the trust of customers and stakeholders.
Learn more about how Token’s next generation MFA can stop phishing and ransomware from harming your organization at tokenring.com
