The latest IBM X-Force Threat Report highlights how cybercriminals are compromising cloud infrastructure through various methods such as adversary-in-the-middle attacks and email phishing. These attacks often use old tactics like phishing, key logging, watering hole attacks, and brute force to steal credentials. Once these credentials are obtained, malicious actors can steal identities, damage companies, and potentially ruin careers.
A common theme in these attacks is the exploitation of human error, where employees and executives are tricked into doing something that seems legitimate but is actually harmful. While companies have been developing security solutions for decades, the human element remains the weakest link. Employees, especially system administrators and executives with extensive access, are frequently targeted in these schemes.
Although AI is already being seen in attacks in the wild, sophisticated AI attacks are still mostly in the testing phase. However, generative AI has the potential to emulate real people and scale interactions far beyond human capabilities. The report indicates that a new variant of the man-in-the-middle attack, known as adversary-in-the-middle, uses stolen credentials to intercept legitimate transactions and communications.
This allows attackers to gather additional intelligence and IDs, copy encryption keys, and plan future targeted attacks. Many people are unaware that during their communications or transactions, a hostile actor using stolen credentials could be eavesdropping.
Cloud vulnerabilities in human error
Currently, stolen credentials are widely available on the dark web, sold for as little as $10.23, indicating an oversaturation of available information. To address this problem, companies can implement regular and random testing of employees to ensure they are aware of cybersecurity best practices and can avoid common pitfalls that lead to breaches. Threat intelligence reports like this one also help both security personnel and employees stay informed about potential threats.
Advanced email filtering tools can play a significant role in detecting and removing phishing emails, compromised attachments, and malicious links. The industry must also move away from single-factor authentication, particularly passwords, and adopt more secure multi-factor authentication systems. Interestingly, when the author first joined the industry in the 1980s, reports already emphasized the need to eliminate IDs and passwords as insecure.
Decades later, the cybersecurity sector is still grappling with these issues. The latest findings align with those from other vendors: employees remain the greatest security threat. We are too easily tricked, and with AI becoming a more powerful phishing tool, exposures will likely increase unless proactive measures are taken.
The hope is that companies will understand the urgency of bolstering their security measures before AI becomes a mainstream weapon in the hands of attackers. It is crucial to stay safe and not to put off implementing better security practices.
Noah Nguyen is a multi-talented developer who brings a unique perspective to his craft. Initially a creative writing professor, he turned to dev work for the ability to work remotely. He now lives in Seattle, spending time hiking and drinking craft beer with his fiancée.




















