Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More
Adversaries are unleashing new tradecraft to exploit any weakness they can find in endpoints, relying on generative AI (gen AI) to create new attack weapons of choice.
What’s troubling is how fast their arsenals are growing. That’s evident in the speed and scale of phishing campaigns, deepfake videos, and social engineering attacks. Over 67% of phishing attacks relied on AI last year, and 61% of security leaders are seeing phishing campaigns created at scale with AI chatbots attacking their organizations. Deloitte predicts deep fake-related losses will soar to $40 billion by 2027, growing at a 32% compound annual growth rate.
Cybersecurity teams who have successfully battled endpoint attacks tell VentureBeat it’s common for adversaries to perform reconnaissance months in advance of an attack to identify weaknesses in endpoints.
All it takes is a quick phone call to the internal service desk for a password or MFA reset at the right time, and they’re in.
Endpoints facing an onslaught of new AI-based attacks
Adversaries are prioritizing and fast-tracking attacks on endpoints using every available source of automation to scale their efforts, with gen AI and machine learning (ML) being the core attack technologies of choice.
Financial services, healthcare, manufacturing, distributors, and core businesses in complex supply chains are the primary targets. Creating chaos in a financial services supply chain is a ransomware multiplier.
“Because of the nature of our business, we face some of the most advanced and persistent cyber threats out there,” Katherine Mowen, The Rate Companies’ SVP of information security, told VentureBeat in a recent interview. “We saw others in the mortgage industry getting breached, so we needed to ensure it didn’t happen to us. I think that what we’re doing right now is fighting AI with AI.”
Adversaries’ AI-based weapons are getting so advanced that a breach could be going on for months without an organization’s security team seeing it. The average time it takes to identify and contain a breach is 277 days, with 176 days to recognize it and 82 days to contain it, based on IBM’s latest Cost of a Data Breach Report. Weaponized AI is making it harder for enterprises to close that gap.
“If you’ve got adversaries breaking out in two minutes, and it takes you a day to ingest data and another day to run a search, how can you possibly hope to keep up with an adversary like that?” Elia Zaitsev, chief technology officer at CrowdStrike, told VentureBeat recently.
One in three organizations doesn’t have a documented strategy for de …