The FBI and CISA (US Cyber ​​Defense Agency) have issued a joint warning against next-generation cyber attacks and specifically as part of ongoing efforts under the program #StopRansomware or what is the same thing, helping the companies and organizations for which it happened the first global cyber threat.

Agencies describe new cybercriminal groups and their attack methods. They also describe three steps to take to mitigate the cyber threats of ransomware and which are part of any strategy to prevent it:

• Install updates as soon as they are released.
• Require phishing-proof multi-factor authentication (i.e. not based on SMS text messages).
• Train users.

Next generation cyber attacks

In conjunction with the new announcement, Token’s report, with surveys of dozens of CISOs, puts us on the path to the new challenges posed by next-generation cyberattacks. The rise in the number of victims of ransomware attacks and data breaches is so profound that the new challenge for cyber defense is simply keep up to date with the number of new attacks and the detection of victims.

This is the result of staggering advances in cybercriminal methods, combined with the slow response of many organizations to adapt to new attack methods. As predicted, Generative AI This has been a radical change for cybercriminals attacking organizations and requires urgent adjustments to cyber defense strategies.

Despite this remarkable transformation in threats, one thing that hasn’t changed is the human limitations inherent in ordinary users, making them a preferred target for cybercriminals. No amount of training will equip the average user with the skills necessary to detect advanced phishing campaigns or sophisticated spoofing.

AI and the dark web

Attack vectors are becoming more sophisticated with the adoption of AI capabilities, especially generative AI, making it harder for CISOs and their teams to defend against them. Cybercriminals often target employees of large organizations using phishing attacks to gain network access. CISA informs about it 90% of ransomware attacks are the result of phishing.

Gen AI also makes it possible to launch phishing attacks targeting specific individuals within an organization at scale and in greater detail, using real data about the organization and its employees to make it appear authentic. The signs of phishing emails are quickly disappearing as these emails become increasingly indistinguishable from legitimate communications. This soon negates the value of user training.

The above is made more difficult by the rise of technology deepfakeas artificial intelligence has given rise to new forms of social engineering attacks. Cybercriminals are now using AI-generated voices and videos to impersonate executives and other trusted individuals.

Another big problem is that the tools to carry out these attacks are available to almost anyone on the dark web. without the need for special knowledge. Phishing and ransomware attacks began as the exclusive domain of expert cybercriminals, but with the advent of generative artificial intelligence and new cybercrime tools, launching these attacks has become accessible to anyone with access to the dark web—that is, anyone with a computing device and an Internet connection.

Ransomware as a Service (RaaS) and AI-powered tools available on the dark web have simplified the process and eliminated the need for advanced skills. This change allows people with minimal technical knowledge to carry out sophisticated cyber attacks with just a computer and an internet connection. The unofficial economy is facing the next generation of cyber attacks.

In summary. The techniques used by cybercriminals are constantly evolving, but never more rapidly than in the last twelve months. We’ve overwhelmed our users’ ability to be our first line of cyber defense and given them no new tools beyond those developed years or decades ago. Protecting users from new attacks requires supervision, education and the right tools. By prioritizing these areas, organizations can significantly reduce the risk of a successful cyber attack and maintain the trust of their customers.

Much needs to be done against next-generation cyber attacks. More information | FBI and CISA notices