forbes.com

AI-Powered Cyberattacks Surge: Urgent Security Upgrade Needed

New reports from Symantec and Cato Networks demonstrate the use of AI to create phishing attacks and infostealing malware, highlighting the urgent need for enhanced security beyond passwords and basic 2FA, as Menlo Security reports a 130% increase in zero-hour phishing attacks.

Read original article in English

English

United States

TechnologyCybersecurityGenerative AiPhishingMalwareLlmPasskeysAi CybersecurityPassword SecurityAi-Powered AttacksZero-Hour Attacks

SymantecCato NetworksChatgptCopilotDeepseekGoogleMenlo SecurityAwsCloudflareForbesSlashnext

Dick O'brienAndrew HardingStephen Kowski

How are AI-powered tools being used to create and execute increasingly sophisticated cyberattacks, and what are the immediate implications for individuals and organizations?: Recent reports reveal a significant increase in AI-assisted cyberattacks. Symantec demonstrated an AI agent executing a phishing attack, and Cato Networks created malware using ChatGPT, Copilot, and DeepSeek, highlighting the ease with which these tools can be exploited. This underscores the urgent need for enhanced security measures beyond passwords and basic 2FA.
What specific techniques are being employed to bypass AI platform security measures in the creation of malicious software, and what are the underlying causes of these vulnerabilities?: The exploitation of AI in cyberattacks represents a paradigm shift. Attackers are leveraging AI's capabilities to automate and personalize phishing campaigns, creating more convincing lures and rapidly adapting to defensive measures. This trend is exemplified by the successful creation of a functional Google Chrome infostealer using readily available AI platforms, indicating a substantial increase in the sophistication and scale of attacks.
What long-term consequences can be anticipated from the increasing use of AI in cybercrime, and what innovative security measures are required to effectively counter these advanced threats?: The rapid evolution of AI-powered attacks necessitates a proactive shift in security strategies. The ability to create sophisticated malware with minimal technical expertise poses a significant threat. Organizations and individuals must prioritize the adoption of passkeys and stronger authentication methods to mitigate the risk of widespread data breaches and financial losses. The increasing use of cloud hosting by malicious actors also requires enhanced monitoring and security protocols for cloud providers.

Cognitive Concepts

4/5

Framing Bias

The narrative is framed around the urgency and severity of the AI-powered attacks, emphasizing the immediate danger and the need for rapid action to switch to passkeys. This framing can generate fear and potentially lead readers to hastily adopt solutions without considering the broader context of cybersecurity and alternative approaches.

2/5

Language Bias

The article employs strong, alarming language such as "You have been warned," "Take this warning seriously," and "You cannot rely on passwords." While aiming to highlight the severity of the threat, this choice of language can be perceived as sensationalist and may not be entirely neutral. More neutral alternatives could include phrasing that emphasizes the importance of security upgrades without employing such stark warnings.

3/5

Bias by Omission

The article focuses heavily on the threat of AI-based attacks and the inadequacy of passwords, potentially omitting other significant cybersecurity threats. While mentioning zero-day and phishing attacks generally, it lacks a detailed exploration of other attack vectors or defensive strategies beyond passkeys. This omission could leave readers with a skewed perception of the overall threat landscape.

3/5

False Dichotomy

The article presents a false dichotomy by framing the solution to the AI-based attack problem solely as abandoning passwords in favor of passkeys. While passkeys are a valuable improvement, the article neglects other security measures that can complement passkeys and enhance overall security.

Sustainable Development Goals

Peace, Justice, and Strong Institutions Negative

Direct Relevance

The article highlights the rise of AI-powered cyberattacks, which threaten individuals and institutions. These attacks undermine digital security, potentially disrupting essential services and eroding public trust in online systems. The increasing sophistication of these attacks necessitates stronger legal frameworks and international cooperation to combat cybercrime effectively.

Mar 22, 19:10

FBI, CISA Urge 2FA Activation Amidst Medusa Ransomware Attacks

The FBI and CISA issued a joint advisory (AA25-071A) urging immediate activation of two-factor authentication for all webmail and VPN accounts due to over 300 Medusa ransomware attacks since 2021; researchers discovered that these attacks use a "bring-your-own-vulnerable driver" method to disable anti-malware protections.

Mar 22, 13:14

O2's AI Flags 150 Million Scam Calls, Reducing Answered Calls by 42%

O2's AI call defense system, launched in November, has flagged over 150 million scam and spam calls, reducing answered flagged calls by 42% and their duration by 89%; the system also includes Brand ID, identifying business callers, processing 9.5 million calls from 200 businesses.

Mar 22, 04:08

Senate Bill Targets Dating App Romance Scams

Sens. Marsha Blackburn and John Hickenlooper introduced a bill to combat romance scams on dating apps after Beth Hyland, 54, lost \$26,000 to a Nigerian scammer; the bill passed the Senate Commerce Committee.

Mar 22, 01:13

Human Error Drives 74% of 2023 Data Breaches, Highlighting Urgent Need for Human-Centric Cybersecurity

Verizon's 2024 Data Breach Investigations Report reveals that human error contributed to 74% of breaches in 2023, emphasizing the need for human-centric cybersecurity strategies that combine AI, automation, and enhanced employee training to mitigate risks from social engineering, credential theft, and cloud misconfigurations.