Ready to further increase your brand’s visibility? Consider becoming a sponsor of The AI Impact Tour.Learn more about opportunities here.
IBM IBM predicts that attackers will enhance their arsenals with generated AI and take their attack techniques to new, more deadly levels in 2024. The new year marks the beginning of a new era of deception and identity abuse, with attackers compromising networks with counterfeit goods, IBM’s forecast warns. And privileged access credentials were stolen.
75% of security failures According to , it starts because privileged access credentials and their associated identities are not managed securely. gartner. This is up from 50% just three years ago.
Unit 42 Cloud Threat Report found that 99% of the identities analyzed across 18,000 cloud accounts from over 200 organizations had at least one misconfiguration, indicating a gap in identity access management (IAM) protection. .
CrowdStrike’s 2023 Threat Hunting Report found that “80% of cyberattacks leverage identity-based techniques to compromise legitimate credentials and attempt to evade detection.” The report goes on to say, “This year’s report shows that advertisements for access broker services identified by criminals in the underground have increased by 112% year-on-year, and attackers have doubled the credentials they steal. ”
VB event
AI Impact Tour
Access to the AI Governance Blueprint – Request an invitation to the January 10th event.
learn more
Why generational AI is becoming the new DNA of cyberattacks
Attackers know where the weakest gaps are across the threat surface and are using generative AI to find new ways to exploit them. IBM hints that attack strategies will take a more multidimensional approach, spearheaded by more sophisticated social engineering tactics created using Gen AI.
Here are IBM’s 10 cybersecurity predictions for 2024.
- 2024 will be a year of deception. Charles Henderson, global head of IBM We predict that 2024 will be a busy year for cybercriminals. within a few months of each other. “This is a perfect storm of events that will take disinformation campaigns to a whole new level,” Henderson said.
“Cybercriminals have everything they need to deceive unsuspecting users, consumers, and even public officials through AI-designed deception tactics. “We will see improved deepfakes, audiofakes, and highly convincing AI-generated phishing emails in an effort to further a cause,” Henderson added.
- GenAI aims to make “customer acquisition” much easier for cybercriminals. Henderson said cybercriminals have had limited success in monetizing data stolen from tens of thousands of companies. He points out that artificial intelligence is already changing that. Gen AI allows you to filter, correlate, and classify data in minutes. Therefore, the attacker’s strategy will become more similar to the customer acquisition process as the year progresses.
- As identity-based attacks escalate, businesses will see an influx of “doppelganger users.” “Over the next year, we expect to see more “doppelgänger” users in corporate environments, with users taking one action one day and another the next. This unusual behavior should be a sign of corporate compromise.” Dustin Haywood, chief architect of IBM X-Force. “There are currently millions of valid corporate credentials on the dark web, and that number is growing, allowing attackers to weaponize identities and view them as a stealth method to gain access to overprivileged accounts. I am.”
- Get ready for an AI version of the Morris Worm to usher in a new era of cyberattacks. The Morris worm is believed to be the first cyberattack reported in 1988. John Dwyer, head of research at IBM states. “As AI platforms begin to become generally available to enterprises, attackers will begin to test their initial AI attack surface, with increased activity as AI adoption begins to expand. “We are still far from the day when cyberattacks become the norm, and things like this won’t happen overnight, but the first wave is probably just around the corner,” predicts Dwyer.
- Amidst a midlife crisis, ransomware is undergoing a transformation. Dwyer said: “Ransomware could face a recession in 2024. More countries will pledge not to pay ransoms, fewer and fewer companies will succumb to the pressure of encrypted systems, and funds will be used to decrypt systems. This is because they will choose to focus on rebuilding the system rather than rebuilding it.” IBM has found that ransomware operators suffer from cash flow issues and have difficulty funding resource-intensive campaigns.
- The introduction of generative AI forces CISOs to focus on the data that matters. Akiva Saidi, vice president of data security at IBM Security, said: Classifying and prioritizing critical data will be a top priority action for security leaders in 2024. Saeedi said, “As enterprises begin to embed next-generation AI into their infrastructure, they can centralize different types of data into AI models and provide access to those models and the data ingested by different stakeholders. “We are dealing with the new risks posed by accessing real-world data.” Model inference and practical use. This risk is causing CISOs to redefine data (such as underlying IPs) that could pose an existential threat to the organization if compromised, and to reevaluate the security and access controls surrounding it. Masu. ”
- Gen AI takes the security analyst role to the next level. Chris Meenan, vice president of product management at IBM Security, said that while enterprises have been using AI/ML to improve the effectiveness of security technologies for years, the introduction of generative AI is It states that the direct objective is to maximize the human element of security. “Next year, we will see gen AI take over certain tedious administrative tasks on behalf of security teams,” Meenan said. “But beyond that, we will see gen AI take on more difficult and higher-level “It will also be possible for them to take on other tasks,” he predicts. “Incorporating this type of generative AI into existing workflows not only frees up time for security analysts to spend in their current roles, but also frees up time for more challenging tasks and frees up current security workers. It takes away some of the pressure that is being created by security workers and security workers. There are skills challenges,” predicts Meenan.
- From preventing threats to predicting them, cybersecurity is approaching historic milestones. “As AI crosses new thresholds, security predictions at scale are becoming more concrete,” said Sridhar Muppidi, CTO, IBM Security. Muppidi predicts: “While early security use cases for generative AI focused on the front end, increasing security analyst productivity, generative AI is having a transformative impact on the back end, increasing threat detection and security. I think it won’t be long before we completely rethink threat prediction and protection responses,” Muppidi says.
- A new approach to the security “identity crisis” is emerging. Wes Gyure, Director of Identity and Access Management, IBM Security. It’s neither practical nor unfeasible. ” Gyure said, “Next year, organizations will adopt an ‘identity fabric’ approach that aims to integrate and enhance existing identity solutions rather than replace them. The goal is to create a less complex environment that can enforce consistent security authentication flows and visibility. ”
- Quantum advances will make “harvest now, decrypt later” attacks more common. “The performance of quantum systems continues to expand to levels relevant to cryptography, and studies conducted by the World Economic Forum, National Security Memorandum, and timelines published by the CNSA show that quantum computers are the world’s most “Our findings suggest that they may have the ability to break widely used security protocols,” said Ray, an IBM fellow at IBM Quantum Safe. Harishankar predicts. He warned that the system is vulnerable to ‘harvest now, decrypt later’ attacks. Attackers steal data, store it, and later decrypt it in case they have a chance to access future quantum computers. We believe these attacks will become more common in the coming years as quantum computing advances rapidly. Harishankar said the National Institute of Standards and Technology (NIST) has already begun the process of developing a new quantum-secure cryptography standard and plans to publish the first official standard in early 2024.
VentureBeat’s mission will be a digital town square for technical decision makers to gain knowledge and transact on transformative enterprise technologies. Please see the briefing.