Virtualization Technology News and Information
Trend Micro 2024 Predictions: Change is Coming for MFA and Phishing Training in 2024


Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.

Change is Coming for MFA and Phishing Training in 2024

By Eric Skinner, VP of Market Strategy, Trend Micro

The arms race between network defenders and threat actors will enter a dangerous new phase in 2024. As we approach a new year, all signs point to a generative AI (GenAI) powered surge in highly convincing phishing campaigns. And to those who believe that multi-factor authentication (MFA) will be an effective bulwark against credential-stealing phishing campaigns: think again.

Organizations will need a new plan to tackle phishing and account takeover attempts in 2024. Fortunately, there are tools out there to help fight back.

GenAI supercharges phishing

Phishing has long been a battleground between threat actors and cybersecurity professionals. It remains a top threat vector because it exploits the unpatchable critical asset at the heart of most organizations - employees. But, in recent years, progress has been made through measures like gamified user awareness programs and improved processes for reporting, as well as improvements to email security filters.

GenAI is set to give criminals a major boost in 2024 by bringing the ability to craft highly convincing phishing emails in any language to anyone in the world - and thanks to advanced large language models (LLMs), the value of phishing training as we know it could degrade substantially over the next year. Phishing training ultimately benefits employees by helping them recognize emails that appear suspicious, whereas GenAI works to make those emails come off as trustworthy.

In 2023, red team researchers already demonstrated how GenAI technology can enable threat actors to potentially save nearly two days of work in crafting phishing campaigns. In the new year, organizations should expect a wave of GenAI-driven improvements to phishing campaigns, powered by either ad-hoc usage of commercial LLMs or more specialized LLMs designed for malicious purposes.

MFA hits a roadblock

MFA has often been regarded as a powerful defense for bolstering identity and access management (IAM). But history has shown that as certain defenses become widespread, attackers invest more time and effort in overcoming them - and that's happening more broadly with MFA now. We already saw MFA fatigue attacks over the last few years, where attackers bombarded targets with MFA prompts, hoping the target would eventually accept the prompt. Now "attacker in the middle" proxy tools like EvilProxy are starting to help attackers get around MFA more quietly and effectively.

Tools like EvilProxy sit between the victim and a real login page, relaying requests and responses between the two. The user thinks they're interacting with a legitimate provider, whilst the attacker is able to view their username, password and - most importantly - MFA codes. Developers of EvilProxy claim that the tool can help threat actors bypass the login security of providers such as Apple, Gmail, Facebook and Microsoft - and to make matters worse, it's sold as a simple service, lowering the barrier to entry even further for budding fraudsters.

New year, new strategy

All of this is a wake-up call for IT and security managers. More comprehensive anti-phishing training will need to be implemented and prioritized in 2024.

Organizations can't rely solely on automated tooling to make effective change. Scanning for malware attachments at an email security gateway is no longer enough, and modern email security tools need to perform a range of sophisticated analyses that can investigate links using computer vision AI techniques to detect fraudulent phishing pages. Employees will need to learn new methods to detect phishing emails: recognizing safe URLs and login pages will become more important than spotting grammatical errors or strange vocabulary.

Organizations must also implement a better way to flag "attacker in the middle" proxy attacks. One option is to use an extended detection and response (XDR) platform that is trained to understand normal behavior so it can better spot suspicious activity. For example, an "attacker in the middle" attack targeting MFA could result in multiple logins from the same user at different geographical locations within an impossible timeframe. That should trigger an automated detection and high-priority human review.

Enterprises should also consider upgrading MFA to use proxy-resistant FIDO2-compliant approaches. This could include using hardware devices like YubiKey tokens, Google Titan security keys, or a hardware-free approach such as passkeys, which are supported by organizations like Microsoft, Google and Apple. Using public key cryptography enables users to log in simply via a fingerprint, face scan or screen lock. Although these tools are making headway in the consumer space, there's also growing adoption within enterprise IT thanks to support from IAM vendors like Okta.
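Why FIDO2 resists a relaying proxy, as an added example that is not from the author or any vendor: in WebAuthn the browser records the origin the user is actually on, and the authenticator hashes the relying party ID into the signed data, so the server can reject a login that was performed on a lookalike site. The sketch is narrowed to those context checks; verifying the authenticator's signature over the same bytes is assumed to happen separately, and the origin, RP ID and function names are hypothetical.

```python
import base64
import hashlib
import json

EXPECTED_ORIGIN = "https://login.example.com"  # hypothetical relying party
RP_ID = "login.example.com"                    # hypothetical RP ID

def b64url(data: bytes) -> str:
    """Base64url without padding, as WebAuthn encodes the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_context(client_data_json: bytes, auth_data: bytes,
                            issued_challenge: bytes):
    """Server-side context checks on a WebAuthn login; returns (ok, reason)."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    # The challenge must be the one this server issued for this session.
    if cd.get("challenge") != b64url(issued_challenge):
        return False, "challenge mismatch"
    # The browser, not the page, fills in the origin the user really visited.
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch"
    # The first 32 bytes of authenticator data are SHA-256(RP ID).
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    return True, "ok"

def constructed_assertion(origin: str, rp_id: str, challenge: bytes):
    """Build constructed test data shaped like a browser/authenticator reply."""
    cd = json.dumps({"type": "webauthn.get",
                     "challenge": b64url(challenge),
                     "origin": origin}).encode()
    # rpIdHash (32 bytes) + flags (1 byte) + signature counter (4 bytes)
    auth = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (0).to_bytes(4, "big")
    return cd, auth

if __name__ == "__main__":
    challenge = bytes(range(16))  # constructed challenge
    for origin, rp in [(EXPECTED_ORIGIN, RP_ID),
                       ("https://login-example.test", "login-example.test")]:
        cd, auth = constructed_assertion(origin, rp, challenge)
        print(origin, check_assertion_context(cd, auth, challenge))
```

A one-time code has no such binding: it is valid wherever it is typed, which is why it survives being relayed while a FIDO2 assertion does not.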

In the new year, IT teams will need to decide whether to use passkeys based on their risk appetite and security versus usability trade-offs. But as it stands, 2024 could be the start of a change in how we defend against phishing and account takeover attempts.

##

ABOUT THE AUTHOR

Eric Skinner, VP of Market Strategy, Trend Micro


Eric Skinner is the Vice President of Market Strategy and Corporate Development at Trend Micro, a global leader in cloud and enterprise cybersecurity. In his 10 years with the company, Skinner has developed a detailed understanding of and passion for global security concerns, especially as they relate to digital identity, data protection and cyber threats. Skinner provides a unique focus on advanced threat detection, endpoint and mobile security, detection and response approaches, machine learning, and identity and authentication technologies.

Published Friday, January 05, 2024 7:38 AM by David Marshall