Cybercrime tactics evolve to embrace AI and online ads
A new report from BlueVoyant looks at the new risks organisations face from outside the traditional IT perimeters.
In particular, cybercriminals are using AI to create more effective phishing campaigns, and employing online adverts to lure victims to malicious websites.
"The biggest cybersecurity risk from the increasing use of AI tools is an escalated volume of attacks," says Ron Feler, BlueVoyant's global head of threat intelligence. "While the essentials of the attacks don't change, the increased number and diversity of attacks make defenders' jobs more challenging."
When setting up a malicious ad campaign, threat actors utilize the vast customization options available for advertisers as a sophisticated evasion mechanism, displaying the ads only to specific users meeting the criteria such as specific locations, devices and times of day.
The report also highlights the need for better email security as many organisations are not enabling all the key components -- such as DMARC -- that secure the authenticity and integrity of the messages, which could leave them susceptible to email-based threats.
"Organizations' attack surfaces are ever expanding, and cyber threat actors are adapting their strategies to exploit new avenues of vulnerabilities," says Joel Molinoff, BlueVoyant's global head of supply chain defence. "BlueVoyant undertook this research to shine a light on the attack vectors organizations need to be aware of and recommended actions to help prevent the latest threats."
In the past year the report finds that there's been a continued upswing in unpatched zero-day vulnerabilities or emerging vulnerabilities. The time frame between the announcement of emerging and zero-day vulnerabilities and their subsequent exploitation has reduced too. This suggests that adversaries are increasingly prepared to immediately capitalize on newly discovered vulnerabilities, prompting a high-stakes race between threat actors and defenders following a disclosure.
The full report is available from the BlueVoyant site.
Image Credit: zimmytws / Shutterstock