In a new report, IBM warns that cyber attackers are set to amplify their capabilities by harnessing the power of generative artificial intelligence (AI) technology. This development is predicted to result in a significant boost in the sophistication and potency of cyber attacks in the upcoming year.
The Era of Deception and Identity Abuse
The dawn of 2024 marks the beginning of a new era characterized by rampant deception and identity abuse, as highlighted by IBM’s predictions. Attackers are expected to manipulate networks by using fake and stolen privileged access credentials. According to Gartner, a staggering 75% of security failures stem from the insecure management of privileged access credentials and their associated identities, which marks a significant increase from 50% observed just three years ago.
Furthermore, a Cloud Threat Report by Unit 42 revealed that 99% of examined identities across 18,000 cloud accounts from over 200 organizations exhibited misconfigurations. These findings indicate critical gaps in Identity Access Management (IAM) protection.
“80% of cyberattacks leveraged identity-based techniques to compromise legitimate credentials and try to evade detection.”
– CrowdStrike’s 2023 Threat Hunting Report
The report also states that adversaries are intensifying their focus on stolen credentials. In fact, advertisements for access-broker services identified in the criminal underground have surged by 112% compared to the previous year, according to the same CrowdStrike report.
Redefining Attack Strategies with AI
Cyber attackers possess a deep understanding of the most vulnerable gaps across various threat surfaces and are now leveraging generative AI to devise new and innovative methods for exploitation. IBM suggests that these evolving attack strategies will embrace a multidimensional approach, driven by highly sophisticated social engineering tactics facilitated by generative AI technologies.
