One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8417740 |
| Date de publication | 2023-11-28 23:05:04 (vue: 2023-11-29 10:09:12) |
| Titre | Prédictions 2024 de Proofpoint \\: Brace for Impact Proofpoint\\'s 2024 Predictions: Brace for Impact |
| Texte | In the ever-evolving landscape of cybersecurity, defenders find themselves navigating yet another challenging year. Threat actors persistently refine their tactics, techniques, and procedures (TTPs), showcasing adaptability and the rapid iteration of novel and complex attack chains. At the heart of this evolution lies a crucial shift: threat actors now prioritize identity over technology. While the specifics of TTPs and the targeted technology may change, one constant remains: humans and their identities are the most targeted links in the attack chain. Recent instances of supply chain attacks exemplify this shift, illustrating how adversaries have pivoted from exploiting software vulnerabilities to targeting human vulnerabilities through social engineering and phishing. Notably, the innovative use of generative AI, especially its ability to improve phishing emails, exemplifies a shift towards manipulating human behavior rather than exploiting technological weaknesses. As we reflect on 2023, it becomes evident that cyber threat actors possess the capabilities and resources to adapt their tactics in response to increased security measures such as multi-factor authentication (MFA). Looking ahead to 2024, the trend suggests that threats will persistently revolve around humans, compelling defenders to take a different approach to breaking the attack chain. So, what\'s on the horizon? The experts at Proofpoint provide insightful predictions for the next 12 months, shedding light on what security teams might encounter and the implications of these trends. 1. Cyber Heists: Casinos are Just the Tip of the Iceberg Cyber criminals are increasingly targeting digital supply chain vendors, with a heightened focus on security and identity providers. Aggressive social engineering tactics, including phishing campaigns, are becoming more prevalent. The Scattered Spider group, responsible for ransomware attacks on Las Vegas casinos, showcases the sophistication of these tactics. Phishing help desk employees for login credentials and bypassing MFA through phishing one-time password (OTP) codes are becoming standard practices. These tactics have extended to supply chain attacks, compromising identity provider (IDP) vendors to access valuable customer information. The forecast for 2024 includes the replication and widespread adoption of such aggressive social engineering tactics, broadening the scope of initial compromise attempts beyond the traditional edge device and file transfer appliances. 2. Generative AI: The Double-Edged Sword The explosive growth of generative AI tools like ChatGPT, FraudGPT and WormGPT bring both promise and peril, but the sky is not falling as far as cybersecurity is concerned. While large language models took the stage, the fear of misuse prompted the U.S. president to issue an executive order in October 2023. At the moment, threat actors are making bank doing other things. Why bother reinventing the model when it\'s working just fine? But they\'ll morph their TTPs when detection starts to improve in those areas. On the flip side, more vendors will start injecting AI and large language models into their products and processes to boost their security offerings. Across the globe, privacy watchdogs and customers alike will demand responsible AI policies from technology companies, which means we\'ll start seeing statements being published about responsible AI policies. Expect both spectacular failures and responsible AI policies to emerge. 3. Mobile Device Phishing: The Rise of Omni-Channel Tactics take Centre Stage A notable trend for 2023 was the dramatic increase in mobile device phishing and we expect this threat to rise even more in 2024. Threat actors are strategically redirecting victims to mobile interactions, exploiting the vulnerabilities inherent in mobile platforms. Conversational abuse, including conversational smishing, has experienced exponential growth. Multi-touch campaigns aim to lure users away from desktops to mobile devices, utilizing tactics like QR codes and fraudulent voice calls |
| Envoyé | Oui |
| Condensat | 2023 2024 ability about abuse access accessibility accessible accounts achilles across actors adapt adaptability adaptive addresses addressing adopt adoption advanced adversaries aggressive ahead ai: aim alike also another appliances approach are areas around attack attackers attacks attempts audience authentication away bank barrier based battleground becomes becoming behavior being belief beyond boost both bother brace breaches breaches: breaking bring broadening broader but bypass bypassing calls campaigns capabilities capable casinos centre centric chain chains challenge challenges challenging change channel chatgpt codes comes common companies compelling complex complicates compromise compromising concerned conclusion constant contributing conventional conversational cookies corporate counter create credentials criminals critical crucial customer customers cves cyber cybersecurity defenders defense defenses demand demands democratization desk desktops detection developers device devices different digital doing dominate double dramatic driven edge edged edr effective element emails emerge employees encounter endpoint engineering entry especially essential evading even ever evident evolution evolving executive exemplifies exemplify expect experienced experts exploit exploiting explosive exponential exposures extended facilitates factor failures falling families far fear file find fine flip focus forecast formidable fortifying fraudgpt fraudulent free from frontier and generative globe greater ground group growth has have heart heel heightened heists: help horizon how human humans iceberg identities identity idp idps illustrating impact implications improve includes including incorporation increase increased increasingly information infrastructure inherent initial injecting innovative insightful instances interactions issue iteration its just keys landscape language large las less leveling leveraging lies light like limited link links login looking losing lowers lure makes making malware manipulating may means measures mfa might misconfigurations misuse mobile model models moment months more morph most much multi multifaceted must navigating new next not notable notably novel now obscured october offerings omni one only open order organizations other otp over password peril persistently phishing phishing: pivoted platforms policies possess practices predictions predictions: presents president prevalent primarily prioritize privacy privileged proactive procedures processes products programming projects proliferation promise prompted proofpoint provide provider providers published ransomware rapid rather recent recognizing redirecting refine reflect reinventing relevance relying remains remains: replication resilient resources response responsible result revolve rise rooted sandboxes scattered scope secure securing security seeing session shedding shift shift: shifts showcases showcasing side skilled sky smishing social software sophisticated sophistication source specifics spectacular spider stage standard start starts statements stored strategically strategies such suggests supply swift sword syswhispers tactics take targeted targeting teams techniques technological technology than themselves these they things those threat threats through time tip took tools touch towards traditional transfer trend trends truth: ttps use users utilizing valuable various vegas vendors very victims visibility voice vulnerabilities vulnerability watchdogs weaknesses what when which why widespread will working wormgpt year yet |
| Tags | Ransomware Malware Tool Vulnerability Threat Mobile Prediction Prediction |
| Stories | ChatGPT ChatGPT |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.