AI impersonation emerges as top cyber threat in new report
New research from Teleport reveals that AI impersonation now ranks as the most challenging cyber attack vector for security experts to defend against, as indicated by 52% of senior leaders surveyed.
The 2024 State of Infrastructure Access Security Report issued by Teleport highlights the growing complexity of social engineering techniques, with AI and deepfakes substantially enhancing the effectiveness of phishing scams. The study, involving 250 senior decision-makers, illustrates the persistent threat posed by social engineering, which remains a primary tactic for cybercriminals to deploy malware and exfiltrate sensitive information.
Ev Kontsevoy, CEO of Teleport, states, "The reason AI impersonation from cyber criminals is so difficult to defend against is that it is getting better and better at mimicking legitimate user behaviour with high accuracy, making it challenging to distinguish between genuine and malicious access attempts."
The survey data shows that a majority of organisations, at 68%, have adopted AI-enhanced tools to improve the precision and efficacy of security measures. However, there is ongoing debate concerning the effectiveness of employing AI to counteract AI-based threats. Kontsevoy comments, "The findings here suggest a risk of overconfidence in AI's ability to protect organisations against social engineering. Using AI to combat this threat is like suggesting that an adversary targets the missiles on a fighter jet, rather than the fighter jet itself."
Kontsevoy further emphasises that the focus should be on reducing the vulnerability of credentials: "The right conversation is, 'how do we stop employees and enterprises from making their credentials a threat vector?' As it stands, credentials are pretty much littered across the many disparate layers of the technology stack – Kubernetes, servers, cloud APIs, specialised dashboards and databases, and more."
Despite the advancements in social engineering, almost 40% of businesses have yet to implement cryptographically authenticated identities to counteract identity-based attacks. The growing prevalence of these types of attacks was noted by 87% of respondents as a significant challenge to improving infrastructure access security.
On ease of defence, respondents indicated that weak passwords are now one of the simplest attack vectors to mitigate, with only 36% reporting difficulty in addressing this issue. Notably, 45% of participants considered protecting against weak passwords to be 'easy'.
On this point, Kontsevoy observes, "I think what this shows is that the cybersecurity industry is becoming better at plugging the most obvious gaps and weak points. There has certainly been some regulation, such as in the UK, to clamp down on weak passwords." However, he warns that credentials extend beyond passwords to include API keys and browser cookies, and there are still standing privileges that pose a risk.
Kontsevoy concludes, "Regardless of whether social engineering attacks use AI or not, the solution is always going to be the same: eliminate human error. That means the modern-day security paradigm has to be first and foremost about eliminating secrets and enforcing cryptographic identity, least privileged access, and robust policy and identity governance."