Multichannel attacks are becoming a serious threat for enterprises – and AI is fueling the surge

Organizations are seeing a steep rise in multichannel attacks fueled in part by an uptick in AI cyber crime, new research from SoSafe has found.

94% of surveyed organizations reported an increase in multichannel attacks over the last year, referring to attacks in which threat actors utilize multiple platforms such as email and SMS.

This is in part because there are now so many channels for attackers to target, with cyber criminals able to exploit social media accounts and messaging apps to mimic legitimate communications.

AI also plays a part, with the report referring to one incident in which AI was used to generate a deepfake voice clone in tandem with communication via WhatsApp and Teams channels.

“Imagine a vice president receiving a call from the ‘CEO’ asking them to execute an urgent action, followed by a confirming message on another medium like Teams or Slack. The call creates urgency, and the follow-up adds credibility. Who wouldn't do as advised?” Sascha Giese, tech evangelist at SolarWinds, told ITPro.

“A sophisticated multi-channel attack could be the perfect crime, combining technical expertise, social engineering, a narrative, and an AI in a way that few organizations are equipped to defend against,” Giese added.

Respondents expect AI cyber attacks to grow in frequency across the board, the report found, with 91% expecting the threat and intensity of AI-based cyber attacks to increase over the next three years.

Though 96% of respondents recognized the importance of detecting AI-based attacks, only 26% rated their ability to do this as “high.”

Why are multichannel attacks so dangerous?

Businesses must be wary of this upward trend in multichannel attacks as they can be particularly effective ways for attackers to leverage vulnerabilities.

They can be particularly dangerous as they combine multiple prompts directed at a victim using more than one media type to create a sense of credibility, James McGodrick, head of security services at Systal, said.

“Examples of this could be an apparently legitimate voicemail from a CFO to a member of the finance team, immediately followed by a very convincing payment link sent via E-Mail which aligns with the content of the voicemail,” McGodrick told ITPro.

As much cybersecurity training highlights the importance of double checking with the person who appears to have sent a communication, McGodrick said, multichannel attacks work by attempting to satisfy the victim that further corroboration is not needed.

“For this reason, multi-channel attacks can be particularly dangerous for organizations, even those who have already got user awareness training in place,” McGodrick said.

MORE FROM ITPRO

• What is phishing?
• Hackers are using a new AI chatbot to wage cyber attacks
• Agentic AI could be a blessing and a curse for cybersecurity