Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
## Using AI/ML to launch sophisticated, targeted and personalized phishing and malware cyber-attacks
By Ihab Shraim, CTO, CSC Digital Brand Services
The top cyber threat vectors, phishing and malware, continue to be the most-used techniques for launching fraud and data-theft attacks, especially when major events occur and frenzied reactions abound. The surge in nefarious artificial intelligence tools like FraudGPT makes phishing emails more credible, and the infrastructure to launch these attacks is cheap and readily available.
In 2024, there will be a continued rise in generative AI usage, giving cybercriminals a huge advantage in launching phishing campaigns with speed and sophistication. Bad actors will be able to craft personalized and targeted phishing emails that are free of spelling or grammar errors, which will make such emails harder to detect. Moreover, dark web AI tools such as FraudGPT will be easily available, allowing for more complex, socially engineered deepfake attacks that manipulate the emotions or trust of targets at even faster rates. The playbooks on how to take over legitimate domains and DNS, generate lists of fake domain names to register, and design fraudulent websites that mimic trusted brand names will be widely accessible.
## More cyberattacks will leverage dormant domains
Most organizations have inactive, dormant brand domains that are not monitored on an ongoing basis, and many are owned by unaffiliated third parties who purchased the domains for malicious purposes. Threat actors keep these domain names dormant and inactive for a few months, then activate them in targeted phishing and malware distribution campaigns.
Our prediction for 2024 is that cybercriminals will increase the use of "Weaponized Targeted Campaigns" (WTC) with look-alike dormant domains and other domain names to launch phishing and malware campaigns. The look-alike dormant domain names will carry the deception of the phishing attack, while other domain names are connected to an MX record to launch the email component of the phishing campaign.
## Trusted consumer brands will be the most targeted with AI/ML phishing campaigns
Consumer online brands possess valuable reputations, and they instill trust with consumers. Unfortunately, threat actors will capitalize on the popularity of these brands by circumventing weak domain security.
Domain security needs to be part of a company's security posture to protect its online brand domain names from typosquatting, takeover or hijacking used to conduct phishing and/or brand counterfeiting and fraud. With AI-enhanced phishing techniques and well-developed deepfake application capabilities, cybercriminals are more easily equipped to impersonate the most well-known global brands. This will allow them to create fraudulent versions of brand materials, ultimately jeopardizing the trust, revenue and reputation built by those companies.
## Increased attention toward "Domain Registrars"
Recently, at a well-known cybersecurity conference, the CSC team met with several security vendors and noticed a surprising trend in our conversations: many were unaware of who their domain registrars were. This is concerning because domain registrars are often the epicenter of threat vectors such as domain account takeover, DNS redirection and/or poisoning, social engineering, malware and phishing attacks.
While many business leaders are aware of common cybersecurity risks such as data breaches, identity management and access controls, they may overlook responsibility for domain security. Domain names are often associated with marketing and branding, leading security teams to assume that they fall under the marketing or legal departments. However, the lack of awareness about domain registrars and their security policies can leave organizations vulnerable to domain and DNS attacks. Adversaries target exposed corporate and government domain names, which can result in financial and reputational damage. It is crucial for organizations to prioritize domain security as part of their overall cybersecurity strategy.
## So, what should corporations do to prepare for 2024?
## Devise a cybersecurity strategy that includes online brand protection as an external attack surface
Domain names are often the preliminary step, enabling attacks before a full-blown targeted phishing campaign and/or business email compromise (BEC) carrying lethal downloadable malware. To prevent these initial exploitations, organizations need to address the state of their domain landscape and remove the disconnect among the teams responsible for managing this aspect of digital brand initiatives. Securing your domains is the starting point for stopping phishing in its tracks.
Here are three key areas that organizations and their security teams should prioritize to enhance domain security and overall corporate security posture:
- Visibility and Awareness: Organizations need complete visibility of their domain registrar and cloud providers to improve domain security. Understanding the entire attack surface is crucial for effective domain protection. This visibility helps identify risks in the supply chain and enables proactive threat detection and prevention.
- Monitoring and Intelligence: Security teams should actively monitor domains and online brands to identify potentially fraudulent activities. This includes tracking look-alike domains and the connected illicit digital footprint such as emails, social media, apps, and websites used by adversaries to deceive victims. Timely detection of security incidents allows for swift enforcement actions.
- Layered Defense-in-Depth Strategy: Implementing a cloud-like strategy for domain security ensures comprehensive visibility into all assets within the domain ecosystem. Like vetting vendors before granting access to cloud infrastructure, organizations should thoroughly assess partners to prevent security and compliance issues. This approach ensures that only trusted, enterprise-grade partners have access to the domain.
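As an added defender-side example (not code from this article or from CSC), here is a small Python triage routine for the monitoring step above: it takes a constructed feed of candidate domain names and flags those that resemble a monitored brand domain, separating homoglyph substitutions, transposition typos, brand-embedded names, other-TLD variants and non-ASCII labels. The brand `examplebank.com`, the confusable-character table and the sample feed are all assumptions.

```python
# Defender-side triage: flag registrations that look like a monitored brand domain.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m", "cl": "d"}  # illustrative subset

def fold(label):
    # Collapse confusable sequences so "examp1ebank" and "exarnplebank" compare equal to "examplebank".
    s = label.lower()
    for confusable, plain in HOMOGLYPHS.items():
        s = s.replace(confusable, plain)
    return s

def registrable_label(domain):
    # Second-level label; naive about multi-part suffixes such as co.uk (simplification).
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def edit_distance(a, b):
    # Optimal string alignment distance: a swapped pair ("exampel") counts as a single edit.
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(domain, brand_domain, max_dist=1):
    # Returns a look-alike category, or None when the domain is unrelated or is the brand's own.
    domain, brand_domain = domain.lower().strip("."), brand_domain.lower().strip(".")
    brand, label = registrable_label(brand_domain), registrable_label(domain)
    if not label.isascii():
        return "idn"             # non-ASCII label: review for Unicode homoglyphs
    if label == brand:
        return None if domain == brand_domain else "tld-variant"  # own domain vs other TLD
    if fold(label) == fold(brand):
        return "homoglyph"       # digit or letter-pair substitution
    if fold(brand) in fold(label):
        return "brand-embedded"  # e.g. examplebank-login
    if edit_distance(fold(label), fold(brand)) <= max_dist:
        return "typo"
    return None

def triage(candidates, brand_domain):
    # Keep only candidates that resemble the brand, paired with their category.
    hits = ((c, classify(c, brand_domain)) for c in candidates)
    return [(c, cat) for c, cat in hits if cat]

# Constructed sample feed (e.g. newly observed registrations); none are real findings.
SAMPLE = ["examplebank.com", "examplebank-login.com", "examp1ebank.net", "exampelbank.com",
          "exarnplebank.com", "examplebank.co", "exampl\u0435bank.com", "weather-today.org"]
```

In practice the feed would come from new-registration or passive DNS data, and flagged names would then be checked for live MX and web records before enforcement.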
## ABOUT THE AUTHOR
Ihab Shraim is the chief technology officer (CTO) at CSC, responsible for the vision, innovation, and product revenue growth within the company's cyber security, domain security, fraud protection, and brand protection lines of business. Ihab has a proven track record in devising business strategies to consistently deliver strategic growth through focused technology innovation, go-to-market product strategies, and customer service excellence.
His background includes strong expertise in facilitating the alignment of corporate business vision with information technology strategies to achieve measurable results with successful outcomes. Ihab has developed cutting-edge, patented disruptive technologies and services to deliver consistent year-over-year product revenue growth. Additionally, he is named as a primary inventor on 10 U.S. patents.
Prior to joining CSC, Ihab was on the Board of Binary Guard while also serving as their CTO. Prior to that role, he was the general manager for Presidio's managed security service, and the vice president of engineering (anti-fraud) and chief information security officer at MarkMonitor (Clarivate Analytics). Ihab is a graduate of George Washington University and holds a BS in electrical engineering and computer science.