The cybersecurity arms race has never been more intense. The advent of generative artificial intelligence (GenAI) has put advanced attack capabilities in the hands of criminals who have little or no coding skills. The new technology is also enhancing the credibility of their phishing efforts.
According to Lantech CEO Peter Strahan, the threat level has been heightened by the broadening of the attack surface due to wider cloud adoption by businesses to support remote working, as well as an increasingly interconnected supply chain.
“Traditional security measures, such as firewalls, strong passwords and even multi-factor authentication (MFA), are no longer sufficient on their own,” he adds.
Ransomware remains one of the main threats facing businesses, Strahan points out: “It continues to evolve, with more advanced encryption methods and broader distribution tactics, targeting both large enterprises and SMBs.
Making products that are more relevant, more efficient and run smoother with less energy consumption
How your KitKat break is helping cocoa-farming families close the living income gap through an innovative programme
Renewable gas will power Ireland’s decarbonised future
All aboard: Ten great things to see and do in Heritage Week
“In the case of phishing and social engineering, attackers are using increasingly convincing methods, including AI, to trick users into divulging credentials or installing malware. Zero-day exploits involve attackers exploiting vulnerabilities before they are known or patched, making timely updates and threat intelligence crucial.”
Strahan also points out that supply chain attacks which see hackers compromising trusted vendors to infiltrate larger networks have become more common and harder to detect.
CommSec founder David McNamara notes the convincing nature of spoof emails: “Normally you check the header on an email to see if it’s genuine or phishing. [Attackers] are now able to send emails with the correct header so that it looks legitimate. People then click on embedded phishing links without realising they are malicious.”
Quishing is a new threat that organisations need to be aware of. Quishing, or QR phishing, is a cybersecurity threat in which attackers use QR codes to redirect victims to malicious websites or prompt them to download harmful content. The goal of such attacks is to steal sensitive information, such as passwords, financial data or personally identifiable information (PII), and use that information for the likes of identity theft, financial fraud and ransomware.
McNamara explains that criminals exploit the fact that QR codes in emails are perceived by many secure email gateways as meaningless images. Indeed, most email security solutions are designed to inspect text, URLs and attachments. QR codes are essentially just images or collections of meaningless pixels; however, once decoded, the QR decodes into a URL. If the email security solution cannot decode the QR image to detect a malicious URL hidden behind them, users are left unable to determine where the QR code will lead unless they scan and decode it. And that’s the point where they get caught.
Strahan points to another new threat which is known as session token hijacking. This is where a bad actor steals the digital keys or tokens that platforms such as Microsoft 365 use to keep a user logged in. Without these tokens, users would have to log in each time an application refreshes. Once a bad actor has a token, they can access the user’s account without needing the password.
“The bad actor will use a compromised account to launch an attack to all of the compromised user’s contacts, typically leveraging the users Dropbox or SharePoint or another genuine platform to send a link to a file,” says Strahan. “The recipient will have a higher trust that the communication is legitimate as the typical telltale signs of a fake domain or a bogus sender name are not present.
“When the user clicks on the link they are redirected to what appears to be a genuine login page and they enter their username, password and MFA token. Meanwhile, the bad actor is intercepting the communication and relaying the entered information to Microsoft 365 or other platform, waiting for the session token to be issued by Microsoft. Once the token is issued the bad actor now assumes the [user’s] identity and therefore access to everything the user has access to, be that emails, hosted applications, confidential information and so on.”
A robust cybersecurity strategy is essential to protect a business against these emerging threats, Strahan advises.
“Train staff to be aware of the traditional cyberattacks but also ensure they are being regularly kept up to date on emerging threats, continual cybersecurity awareness training – not annual training. Ensure that employees only have access to the data necessary for their job functions. Conduct regular security risk assessments to identify vulnerabilities and areas for improvement. Develop and regularly update a comprehensive incident response plan.”
Technology is important as well, and Strahan recommends that organisations use managed detection and response (MDR) systems to continuously monitor for and respond to potential threats.
“This includes real-time threat detection, analysis and response. Ensure the MDR has specific identifiers for session token theft. This goes one step further than traditional antivirus and monitors usage for suspicious logins from VPNs or strange locations. It understands normal login behaviour and will lock an account similar to credit card fraud monitoring.”