November 23, 2024
There is a Ransomware Armageddon Coming for Us All
Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new records for a number of incidents and the damage inflicted. We saw new headlines every week, which included a who’s-who of big-name organizations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars

Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop

The least surprising headline from 2023 is that ransomware again set new records for a number of incidents and the damage inflicted. We saw new headlines every week, which included a who’s-who of big-name organizations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars Palace, and so many others cannot stop the attacks, how will anyone else?

Phishing-driven ransomware is the cyber threat that looms larger and more dangerous than all others. CISA and Cisco report that 90% of data breaches are the result of phishing attacks and monetary losses that exceed $10 billion in total. A report from Splunk revealed that 96 percent of companies fell victim to at least one phishing attack in the last 12 months and 83 percent suffered two or more.

Those of us in the cybersecurity segment have seen incredible advances in defenses in the past 20 years. The one thing that has not advanced is humans. Users in every organization and not much more advanced at stopping cyber-attacks than they were two decades ago. This is why phishing is so effective for cybercriminals – because it exploits human weaknesses, not technology. That leaves legacy MFA as the most critical defense mechanism. And guess what, most companies are using legacy MFA technology that is also 20 years old.

Here is why things are about to get much worse. With the rise of Generative Artificial Intelligence (GenAI), cybercriminals are able to take phishing to an entirely new level where every attack can become nearly impossible for users to identify, and attackers will now be able to do this with little effort. Read on to find out why, and what you can do about it.

What Does GenAI Have to Do with Phishing?

Phishing uses deceptive communications – emails, text messages, and voice messages- to trick users into revealing sensitive information, including login credentials, passwords, one-time passwords, personal information, and clicking on phony approval messages.

Cybercriminal gangs are learning to harness the incredible power of GenAI tools like fraud-versions of ChatGPT to create more persuasive, convincing, and realistic phishing messages. This highly personalized and context-aware text is practically indiscernible from normal human communication. And this makes it extremely challenging for recipients to tell the difference between genuine and fake messages. LLMs also allow almost anyone, not just the hacking pros, to launch phishing attacks.

What’s more, traditional anti-phishing solutions aren’t effective at detecting the newest phishing messages created by GenAI. GenAI content lacks telltale signs of phishing, like misspellings or generic language. Phishing detection tools rely on pattern recognition and known indicators of phishing that will no longer be present. Perhaps more worrisome, GenAI tools are enabling cybercriminals to conduct highly targeted phishing campaigns on a massive scale. Threat actors can now automate the generation of a virtually unlimited number of custom-tailored phishing messages for a wide range of victims.

Changing Tactics Against Phishing

The explosion of GenAI-powered phishing attacks raises a big question: will we ever be able to spot super realistic fakes? Are we losing the fight against phishing?

This question is leading many companies to reexamine their anti-phishing tactics. To fight phishing attacks head-on, they must upgrade the primary targets of phishing: credentials and legacy MFA. By going passwordless to eliminate reliance on traditional credentials and by implementing next-generation MFA To replace the 20-year-old technology of legacy MFA.

Smart companies are moving away from username and password to passwordless authentication. Yet these solutions, while a giant leap forward, also have limitations. A lost, stolen, or compromised device that is not biometric can be used to gain unauthorized access, and mobile phones and other BYOD devices are out of the control of the organization and are susceptible to all types of malware being downloaded by the user.

For these reasons and others, security-first companies are making the decision to move to next-generation multi-factor authentication.

Next-Gen MFA: Disrupting the Phishing Attack Surface

Next-generation MFA replaces traditional credentials, password-based authentication, and inconvenient and vulnerable legacy MFA solutions. The next-generation MFA paradigm relies on a physical, wearable FIDO2-compliant device that eliminates the human factor in phishing – making it virtually phishing-proof. These cutting-edge biometric wearables also protect organizations against BYOD vulnerabilities, lost and stolen credentials, weak passwords, credential stuffing, MFA prompt bombing, and easily stolen SMS one-time passcodes. Unlike traditional MFA, attackers simply can’t bypass next-gen MFA with malware, MFA fatigue attacks, adversary-in-the-middle (AiTM) attacks, and other methods. Since the authenticator always remains with the user, wearable next-gen MFA tokens are constantly safe and immediately available for authentication. Only the authorized user can use the device, and no attacker can access the secrets, keys, and biometrics stored on it.

GenAI is powering the coming tsunami of phishing attacks that are effectively nullifying traditional phishing defenses and obsoleting legacy MFA. Wearable, next-generation MFA devices like Token Ring stop the most sophisticated phishing attacks and are the best defense against the coming phishing Armageddon.

Learn more about how Token’s Next-Generation MFA can stop phishing and ransomware from harming your organization at tokenring.com

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.