Organizations are seeing a steep rise in multichannel attacks fueled in part by an uptick in AI cyber crime, new research from SoSafe has found.
94% of surveyed organizations reported an increase in multichannel attacks over the last year, referring to attacks in which threat actors utilize multiple platforms such as email and SMS.
This is in part because there are now so many channels for attackers to target, with cyber criminals able to exploit social media accounts and messaging apps to mimic legitimate communications.
AI also plays a part, with the report referring to one incident in which AI was used to generate a deepfake voice clone in tandem with communication via WhatsApp and Teams channels.
“Imagine a vice president receiving a call from the ‘CEO’ asking them to execute an urgent action, followed by a confirming message on another medium like Teams or Slack. The call creates urgency, and the follow-up adds credibility. Who wouldn't do as advised?” Sascha Giese, tech evangelist at SolarWinds, told ITPro.
“A sophisticated multi-channel attack could be the perfect crime, combining technical expertise, social engineering, a narrative, and an AI in a way that few organizations are equipped to defend against,” Giese added.
Respondents expect AI cyber attacks to grow in frequency across the board, the report found, with 91% expecting the threat and intensity of AI-based cyber attacks to increase over the next three years.
Though 96% of respondents recognized the importance of detecting AI-based attacks, only 26% rated their ability to do this as “high.”
Why are multichannel attacks so dangerous?
Businesses must be wary of this upward trend in multichannel attacks as they can be particularly effective ways for attackers to leverage vulnerabilities.
They can be particularly dangerous as they combine multiple prompts directed at a victim using more than one media type to create a sense of credibility, James McGodrick, head of security services at Systal, said.
“Examples of this could be an apparently legitimate voicemail from a CFO to a member of the finance team, immediately followed by a very convincing payment link sent via E-Mail which aligns with the content of the voicemail,” McGodrick told ITPro.
RELATED WHITEPAPER
As much cybersecurity training highlights the importance of double checking with the person who appears to have sent a communication, McGodrick said, multichannel attacks work by attempting to satisfy the victim that further corroboration is not needed.
“For this reason, multi-channel attacks can be particularly dangerous for organizations, even those who have already got user awareness training in place,” McGodrick said.
MORE FROM ITPRO
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Law enforcement needs to fight fire with fire on AI threatsNews UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
-
OpenAI announces five-fold increase in bug bounty rewardNews OpenAI has announced a slew of new cybersecurity initiatives, including a 500% increase to the maximum award for its bug bounty program.
-
Hackers are turning to AI tools to reverse engineer millions of apps – and it’s causing havoc for security professionalsNews A marked surge in attacks on client-side apps could be due to the growing use of AI tools among cyber criminals, according to new research.
-
12,000 API keys and passwords were found in a popular AI training dataset – experts say the issue is down to poor identity managementAnalysis The discovery of almost 12,000 secrets in the archive of a popular AI training dataset is the result of the industry’s inability to keep up with the complexities of machine-machine authentication.
-
Microsoft is increasing payouts for its Copilot bug bounty programNews Microsoft has expanded the bug bounty program for its Copilot lineup, boosting payouts and adding coverage of WhatsApp and Telegram tools.
-
Tech leaders worry AI innovation is outpacing governanceNews Business execs have warned the current rate of AI innovation is outpacing governance practices.
-
Cisco is jailbreaking AI models so you don’t have to worry about itNews Cisco's new AI Defense security solution helps organizations shore up LLM security by identifying potential flaws.
