Month: August 2024

AI: The double-edged sword in combating identity-related cyberattacks and safeguarding organizations.

Identity-related cyberattacks are the stealthy predators of the cybersecurity landscape, posing an unprecedented threat to organizations worldwide. According to a recent report, “2024 State of Passwordless Identity”, 78% of organizations were targeted by such attacks in the past 12 months. This alarming statistic underscores the urgent need for effective identity management security measures.

The financial devastation wrought by identity-related breaches is a global crisis, reaching billions of dollars in losses each year. The alarming cost of authentication-related attacks varies worldwide—an average of $5.58 million globally ($6.4 million in the U.S. and $4.99 million in EMEA) in the past year. The toll of identity fraud alone has inflicted an average annual cost of $2.78 million on businesses ($4.34 million in the US, $2.52 million in EMEA), further underscoring the urgent need for robust identity security measures. These figures paint a grim picture of the economic havoc wreaked by cybercriminals exploiting vulnerabilities in identity systems.

What factors contribute to these breaches? The persistent trend of credential misuse and authentication weaknesses are the primary cause of the majority of breached organizations. Despite the prevalence of these attacks, only half of organizations globally lack sufficient confidence in their ability to detect a breach thus making organizations vulnerable to ongoing and subsequent attacks.

The complexity of authentication processes is also a significant challenge. On average, employees in the US and EMEA use four distinct types of authentication methods daily. This complexity can cause frustration and inefficiency. This is exacerbated by the reality that most employees in the US and EMEA wait for up to three hours for service desks to verify their identity. However, password-related issues account for about a third of IT help desk spending. These pain points affect productivity and highlight the need for more efficient and user-friendly authentication solutions.

The AI and Cybersecurity Paradox and Need for Deterministic Identity Controls

In recent years, the surge in IT security attacks has left organizations scrambling to revamp their identity security systems. Companies are employing AI tools to prevent adversaries from exploiting flawed defenses. While AI can enhance security measures, it is not a panacea. Identity assurance remains a crucial priority. Without it, companies are prone to breaches, efficiency losses and doubt from both customers and internal parties. To address evolving threats and improve security, organizations must adopt a fundamental shift towards deterministic identity controls.

Generative AI is a double-edged sword in identity security. While 60% of organizations worldwide see it as a major threat, 75% of companies believe it offers a strategic advantage against cybercriminals. This paradox highlights AI’s dual role in cybersecurity: both a significant threat and a powerful defense tool.

The Shift Towards Passwordless Adoption and Frictionless Identity Verification

Credential misuse or authentication weakness is often cited as the most common cause of a breach—up from 82% in 2022. This alarming statistic underscores the continued need for robust identity protection measures. Traditional authentication methods, such as passwords, are increasingly vulnerable to sophisticated attacks. Cybercriminals exploit these weaknesses, resulting in significant financial and reputational harm for organizations.

Passwordless adoption is becoming a critical strategy in the fight against cyber threats. By removing the use of passwords, organizations can significantly reduce the likelihood of credential-based attacks. Passwordless authentication methods, such as biometrics and hardware tokens, provide a higher level of security and a more secure user experience.

Additionally, frictionless identity verification is essential for maintaining security without compromising user experience. Traditional verification methods often introduce friction, leading to user frustration and potential security gaps. Frictionless identity verification uses advanced technologies, such as AI and machine learning, to prove that someone is who they claim to be. This approach enhances security and improves user satisfaction and trust.

The Role of Deterministic Identity Controls and Cost of Inaction

Organizations must implement deterministic identity controls to address the evolving threat situation. Unlike probabilistic methods that depend on statistical models and predictions, deterministic controls provide a higher level of accuracy. It is possible to reduce the likelihood of unauthorized users accessing sensitive data using these controls.

The cost of inaction in addressing identity security is considerable. Breaches resulting from credential misuse and authentication weaknesses can cost organizations millions of dollars annually. Beyond financial losses, breaches erode stakeholder trust and damage an organization’s reputation. It is clear there is an urgent need for organizations to take action to enhance their identity security frameworks.

As the cybersecurity landscape continues to evolve, so must identity security strategies as well. One cannot overstate the importance of staying ahead of emerging threats and adopting innovative solutions. While AI will undoubtedly play a significant role in the future of identity security, robust deterministic controls and a focus on identity assurance are key complements.

In conclusion, the surge in IT security attacks has highlighted the need for organizations to revamp their identity security frameworks. While AI offers considerable potential, it is not a silver bullet. Identity assurance is essential, and organizations must prioritize deterministic identity controls to address evolving threats and improve security. By adopting identity-first security strategies, prioritizing passwordless adoption, and implementing frictionless identity verification, organizations can enhance their security posture and protect against the ever-evolving threat landscape.

We list the best cloud antivirus.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More 

Researchers uncover novel way to trap unsuspecting customers with a new phishing attack.

Banking customers have been targeted in a newly discovered method of phishing attacks, new research has found.

A report from ESET found the attacks primarily focused on iPhone and Android users by getting them to unknowingly download Progressive Web Applications (PWA) disguised as authentic apps.

PWAs are websites made to behave like a stand-alone application, with the image seemingly verified by the use of native system prompts. PWAs bypass the need for a user to allow third-party installation, with iOS phishing sites posing as popular apps landing pages and directing victims to add the PWA to their home screen. Ultimately, the PWAs behaved like a normal mobile app – but by sidestepping the authorization of third-party installation on Android, this led to the silent installation of Android Package Kit (APK), which appeared to the user to be installed via the Google Play Store.

Delivery methods

The campaign used three different URL delivery mechanisms – Voice call, SMS delivery, and Malvertising, with customers across the Czech Republic, Hungary, and Georgia targeted.

Depending on the campaign, the install/update button launched the download of a malicious application directly onto the user’s phone, either in the form of a WebAPK (for Android devices) or a PWA. This bypassed the usual browser warnings of “installing unknown apps”.

The voice call would warn the victim about a supposed out-of-date banking app, and instructed the user to select a numbered option. Once they did so, a phishing URL was texted to them.

The SMS delivery sent messages which included the phishing link indiscriminately to Czech numbers, whilst the advertising campaign consisted of registered adverts on Meta platforms (like Facebook and Instagram). The ads contained a call to action to compel victims, such as a limited time offer for those who ‘download an update below’.

Recent reports show similar threat actors using falsified versions of popular Android apps, with increasingly sophisticated methods. Eset expects to see copycats of these applications, so we recommend staying vigilant. The best way to keep your data safe is by only downloading apps from legitimate sources, and being wary of any links sent by anyone you don’t know.

More from TechRadar Pro

Check out our pick of the best firewall software aroundThe evolving threat landscape: Staying ahead of phishing attack trendsTake a look at our best malware removal software choices

Read More 

Luma Labs releases enhanced AI video maker Dream Machine 1.5.

Luma Labs has enhanced its Dream Machine AI video generator to a new level of realism and greater ability to interpret your vision. Dream Machine 1.5 should really act as an alarm clock to its rivals to step up their efforts. That’s especially true for OpenAI, which seems to keep hitting snooze on releasing its Sora AI video model to the public. 

Dream Machine only came out a couple of months ago, but Dream Machine 1.5 is a major step up when it comes to making better videos out of text and image prompts. The most immediate improvement is speed. The new model can generate five seconds of high-quality video in approximately two minutes. That could prove critical for content creators and marketers working under tight deadlines. 

Despite making the videos more quickly, Dream Machine 1.5’s videos are more realistic than its predecessor. That extends to not only the look of the video as a whole but also the movement on the screen. There are far fewer glitches as objects travel around a virtual space. Some of that might be from the similarly upgraded character consistency, even when iterating on a prompt. Better adherence to a model makes for much more realistic physical movement. The last major upgrade to note is that Dream Machine 1.5 is far better at accurately rendering text – a task that AI often struggles with.

AI Video Race

Luma certainly has plenty of competition from other AI video generators, despite its impressive upgrade. The most notable is OpenAI and its Sora model, but just being more available will help Luma in this case. OpenAI’s decision to limit Sora to certain partners means there are a lot of people interested in AI video who can’t use it. Dream Machine 1.5 is right there waiting. Other developers who took the Sora route have since changed their tune, such as Kuaishou and its Kling AI video generator.  That said, OpenAI is far from Luma’s only rival. Runway, Stability AI, Pika, Kling, and TikTok owner Bytedance’s Jimeng are just some of the others racing to snap up as much of the AI video market as possible.

Despite the hurdles, the launch of Dream Machine 1.5 is a big deal in the world of AI-generated video. As AI video tech keeps getting better, it’s set to shake up industries like entertainment, advertising, education, and journalism. The ability to whip up high-quality video content quickly and easily is opening up fresh creative opportunities and making visual communication more dynamic and engaging than ever before.

You might also like…

Stable Diffusion AI spin-off will let you create weird videos from text promptsWatch the AI-produced film Toys”R”Us made using OpenAI’s Sora – and get misty about the AI return of Geoffrey the GiraffeA new OpenAI Sora rival just landed for AI videos – and you can use it right now for free

Read More