Next-Gen Attacks, Same Targets: Safeguarding Your Users’ Identities

FBI and CISA Issue Joint Advisory on Emerging Ransomware Threats

On August 29, as part of the ongoing #StopRansomware initiative, the FBI and CISA released a joint advisory (AA24-242A) highlighting the emergence of a new cybercriminal group and outlining key strategies to combat ransomware. The advisory emphasizes three critical steps organizations should take immediately: promptly installing software updates, enforcing phishing-resistant multi-factor authentication (MFA) that avoids SMS-based methods, and providing comprehensive user training.

The escalation in ransomware attacks and data breaches has presented a significant challenge for cybersecurity, as the pace of new attacks and victim reports continues to rise. This surge is driven by rapid advancements in cybercriminal techniques, which many organizations struggle to counter effectively. As anticipated, the use of Generative AI has significantly altered the landscape of cyber threats, necessitating urgent revisions to existing defense strategies.

Despite these evolving threats, a constant remains: the inherent human vulnerabilities of everyday users. Cybercriminals continue to target users, as no amount of training can fully equip them to recognize advanced phishing schemes or sophisticated deepfakes.

To gain deeper insights into this issue, Token commissioned a study by Datos Insights, a leading global data and advisory services firm. The research involved in-depth 60-minute interviews with CISOs and MFA leaders across the U.S., focusing on their perspectives and experiences. The findings revealed that CISOs unanimously consider user vulnerabilities the top risk facing their organizations.

The rapid adoption of artificial intelligence, particularly generative AI, has led to more sophisticated attack vectors, making defense efforts increasingly challenging. Cybercriminals often use phishing attacks to infiltrate large organizations, with CISA reporting that 90% of ransomware incidents are initiated through phishing tactics.

Advanced Phishing and Deepfake Attacks: The Growing Threats and the Need for New Defense Strategies

Advanced phishing attacks have become one of the most potent tools for hackers, growing more targeted and sophisticated with the advent of Generative AI. This technology has enabled large-scale spear phishing campaigns, where attackers use real data about organizations and their employees to craft highly convincing, authentic-looking emails. As these deceptive emails become increasingly indistinguishable from legitimate communications, the effectiveness of user training is rapidly diminishing.

Compounding this threat is the rise of deepfake technology, which has introduced new forms of social engineering attacks. Cybercriminals are now using AI-generated voices and videos to impersonate executives and other trusted figures. These attacks are carried out through spoofed phone calls from known numbers and through Zoom meetings where attackers impersonate colleagues. Such attacks exploit the trust employees place in familiar voices and faces, leading to significant security breaches, including unauthorized fund transfers and credential sharing.

The tools needed to execute these sophisticated attacks are now easily accessible to millions on the dark web, requiring no specialized skills. Once the domain of expert cybercriminals, phishing and ransomware attacks have become democratized through Generative AI and new cybercrime tools. With Ransomware-as-a-Service (RaaS) and AI-driven tools readily available, even individuals with minimal technical knowledge can launch advanced cyberattacks using only a computer and an internet connection. This shift represents a convergence of the gig economy with the next generation of cyber threats.

Adapting Defense Strategies to New Threats

Adopting phishing-resistant multi-factor authentication (MFA) has become crucial in today’s threat landscape. With phishing attacks representing the primary cyber threat to enterprises, legacy MFA solutions—many of which are based on outdated technology—are proving inadequate. The current environment underscores the urgent need to deploy next-generation, phishing-resistant MFA solutions, especially in light of AI-enhanced phishing campaigns. CISOs should prioritize transitioning to MFA solutions that are hardware-based, utilize biometrics, and are FIDO compliant. These advanced MFA solutions can significantly reduce the risk of phishing and ransomware attacks, potentially saving organizations billions of dollars in losses.

Targeted deployment of next-generation MFA is particularly important for privileged users within an organization. The report highlights the need to prioritize these solutions for high-risk users, such as system administrators and executives. Despite the presence of Privileged Access Management (PAM) systems, there is a growing need for MFA upgrades in response to the rise of phishing and insider attacks. Alarmingly, the report found that many senior executives lack robust security measures tailored to their specific business functions and risks, with few CISOs having implemented distinct security controls for their executive teams. This oversight is concerning, especially given the increasing sophistication of spear-phishing attacks.

Conclusion

Cybercriminal tactics are evolving at an unprecedented pace, outstripping the capacity of users to serve as the frontline of cyber defense. Without providing them with updated tools and strategies, organizations risk falling behind. By staying informed about emerging threats and implementing a multi-layered defense strategy that emphasizes upgrading to phishing-resistant, next-generation MFA, organizations can better protect their users’ identities and prevent unauthorized access to sensitive data and operations. Vigilance, education, and the adoption of the right tools are essential in reducing the risk of successful cyberattacks and maintaining the trust of customers and stakeholders.
