Organizations are seeing a steep rise in multichannel attacks fueled in part by an uptick in AI cyber crime, new research from SoSafe has found.
94% of surveyed organizations reported an increase in multichannel attacks over the last year, referring to attacks in which threat actors utilize multiple platforms such as email and SMS.
This is in part because there are now so many channels for attackers to target, with cyber criminals able to exploit social media accounts and messaging apps to mimic legitimate communications.
AI also plays a part, with the report referring to one incident in which AI was used to generate a deepfake voice clone in tandem with communication via WhatsApp and Teams channels.
“Imagine a vice president receiving a call from the ‘CEO’ asking them to execute an urgent action, followed by a confirming message on another medium like Teams or Slack. The call creates urgency, and the follow-up adds credibility. Who wouldn't do as advised?” Sascha Giese, tech evangelist at SolarWinds, told ITPro.
“A sophisticated multi-channel attack could be the perfect crime, combining technical expertise, social engineering, a narrative, and an AI in a way that few organizations are equipped to defend against,” Giese added.
Respondents expect AI cyber attacks to grow in frequency across the board, the report found, with 91% expecting the threat and intensity of AI-based cyber attacks to increase over the next three years.
Though 96% of respondents recognized the importance of detecting AI-based attacks, only 26% rated their ability to do this as “high.”
Why are multichannel attacks so dangerous?
Businesses must be wary of this upward trend in multichannel attacks as they can be particularly effective ways for attackers to leverage vulnerabilities.
They can be particularly dangerous as they combine multiple prompts directed at a victim using more than one media type to create a sense of credibility, James McGodrick, head of security services at Systal, said.
“Examples of this could be an apparently legitimate voicemail from a CFO to a member of the finance team, immediately followed by a very convincing payment link sent via E-Mail which aligns with the content of the voicemail,” McGodrick told ITPro.
RELATED WHITEPAPER
As much cybersecurity training highlights the importance of double checking with the person who appears to have sent a communication, McGodrick said, multichannel attacks work by attempting to satisfy the victim that further corroboration is not needed.
“For this reason, multi-channel attacks can be particularly dangerous for organizations, even those who have already got user awareness training in place,” McGodrick said.
MORE FROM ITPRO
-
European financial firms are battling a huge rise in third-party breachesNews Growing vendor dependency has contributed to a marked rise in third-party breaches
-
‘We’ve got some fabulous conditions’: Salesforce UK chief exec Zahra Bahrololoumi touts the country's tech industry potentialNews The UK remains a “priority market” for Salesforce, according to its regional CEO
-
CISOs bet big on AI tools to reduce mounting cost pressuresNews AI automation is a top priority for CISOs, though data quality, privacy, and a lack of in-house expertise are common hurdles
-
The FBI says hackers are using AI voice clones to impersonate US government officialsNews The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Almost a third of workers are covertly using AI at work – here’s why that’s a terrible ideaNews Employers need to get wise to the use of unauthorized AI tools and tighten up policies
-
Businesses are taking their eye off the ball with vulnerability patchingNews Security leaders are overconfident in their organization’s security posture while allowing vulnerability patching to fall by the wayside.
-
Foreign AI model launches may have improved trust in US AI developers, says Mandiant CTO – as he warns Chinese cyber attacks are at an “unprecedented level”News Concerns about enterprise AI deployments have faded due to greater understanding of the technology and negative examples in the international community, according to Mandiant CTO Charles Carmakal.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Law enforcement needs to fight fire with fire on AI threatsNews UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
-
OpenAI announces five-fold increase in bug bounty rewardNews OpenAI has announced a slew of new cybersecurity initiatives, including a 500% increase to the maximum award for its bug bounty program.
