October is Cybersecurity Awareness Month. In conjunction with that, IBM has released an updated X-Force Threat report. This report was developed using threat intelligence from Cybersixgill, Red Hat Insights, and the IBM X-Force team and focuses on how hostile actors are compromising cloud infrastructure using adversary-in-the-middle attacks, email attacks, and additional attack methods.
These attacks mostly still use the old standbys like phishing, key logging, watering hole (where a common website is infected to attack the group that uses it), and brute force, all in an effort to get credentials so they can steal your identity to damage your company (and potentially destroy your career).
But at the heart of these attacks is one consistent element, which is people like you who are tricked into doing something that seems legitimate at the time but is anything but, and that tends to look really stupid after the fact.
You Are the Problem
While companies like IBM have been creating security solutions going back decades, there is one consistent problem that never seems to go away: Employees, particularly systems administrators and executives with expanded access, are the biggest problem.
While companies like HP are reporting that AI is being seen in the wild, so far, the more sophisticated AI attacks appear to be mostly in the test stage and are not in active use yet. However, generative AI is, as IBM itself has demonstrated with watsonx, increasingly good at emulating real people, and AI scales to the degree that people can’t due to its ability to engage with thousands of people at once and use the practices of experts when it does so.
IBM reports that a new variant of man-in-the-middle attack, now called adversary-in-the-middle, uses harvested credentials to intercept legitimate transactions and communications to harvest additional intelligence and IDs, copy encryption keys, and launch future targeted attacks. In both cases, the people engaging in communications or transactions are unaware that there is a hostile actor in the middle who is likely also using stolen credentials to gain access to this information for nefarious purposes.
There are so many stolen credentials on the dark web that the price is pretty reasonable to buy one, about $10.23, which IBM believes indicates that they are over-saturated, though it also showcases just how easy it is to steal credentials.
Fixing the Problem
From a company perspective, fixes include both regular training in cyber security and regular random testing of employees to make sure they learn the lessons and are made aware of bad practices before those practices lead to a breach. In addition, companies should make sure that threat intelligence reports like this one from IBM focus both security personnel and employees on likely threats so that they are prepared to counter a breach.
New advanced email filtering tools from IBM and others can also help identify phishing emails and creatively compromised attachments and links and keep them from making it through to users. And finally, moving sharply away from single-factor authentication in general and passwords in particular to other solutions that get rid of passwords can be extremely beneficial to your security capabilities.
It is interesting to note that when I first joined IBM in the 1980s, we in Internal Audit came out with a report arguing that we needed to eliminate IDs and passwords as unsecure, and here we are decades later, still trying to get rid of the damn things.
Wrapping Up
IBM’s latest X-Force Threat Report dovetails with what other vendors like HP’s Wolf Security are finding, which is that employees like you and me remain the greatest security threat. We are too easily tricked, and with the emergence of AI as an even more powerful phishing tool, our exposures are likely to explode unless we aggressively do what should have been done decades ago and move away from IDs and passwords (and single-factor authentication in general), while increasing the training and testing of employees to better assure we can’t be as easily compromised.
My hope is that a lot of companies get the hint that things are about to get a whole lot worse with AI ramping up on the attacker side. If we don’t mitigate this problem before AI goes mainstream as a weapon, things are likely to get really bad, really quickly.
Be safe out there, and don’t put this off.