AI-Phishing Drives Demand For Alternatives To ‘Flawed Legacy Authentication’ 

The FIDO Alliance Online Authentication Barometer reports that 54% of survey respondents have seen an increase in phishing activity, while 52% believe phishing techniques have become more sophisticated as threat actors increasingly leverage AI.

AI-driven tools such as FraudGPT and WormGPT, created and shared on the dark web, have made executing a sophisticated social engineering attack far simpler and easier to do at scale. Voice and video deepfakes are also being used to add a convincing element to these social engineering attacks.

Researchers estimate that password use without two-factor authentication remains dominant: people enter a password manually nearly four times a day on average (~1280 times/year), and 37% of respondents use passwords instead of MFA to log into work accounts.

Consumers rank biometrics as the top MFA login method, which they also believe is the most secure, and awareness of passkeys has grown in the last year, rising from 39% in 2022 to 52% today.

Ted Miracco, CEO, Approov had this comment:

   “AI-driven cybercrime certainly highlights the need for stronger authentication methods beyond traditional passwords. However, even passkeys and multi-factor authentication (MFA) are not immune to all types of attacks. While they provide better security compared to passwords alone, they may still be vulnerable to certain types of attacks, including the increasingly common man-in-the-middle (MITM) attacks. If the communication channel between the user and the authentication system is compromised, an attacker can intercept or manipulate the passkey or MFA during transmission and can effectively impersonate the user or gain unauthorized access. To mitigate the risk of MITM attacks, use secure communication protocols such as HTTPS to encrypt the data transmission between the user and the authentication system.

   In addition, users should ensure they are using attested mobile devices and trusted networks for authentication. Avoiding public or unsecured Wi-Fi networks reduces the risk of MITM attacks. Lastly, by using out-of-band verification methods, such as receiving authentication codes through a separate communication channel (e.g., SMS codes sent to a registered phone number), users can add an extra layer of security by making it more difficult for an attacker to intercept both the authentication code and the login session.”
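The quote above turns on whether an authentication factor relayed through an attacker-controlled channel is accepted by the real site. The following added example (not part of the original article, and not code from the FIDO Alliance, Approov or Cyware) models the check a relying party performs on a passkey (WebAuthn) assertion and contrasts it with a one-time code. All names are constructed: the relying-party origin `https://bank.example`, the lookalike origin `https://bank-example.evil`, and the `RelyingParty` class are illustrative, and an HMAC over a shared key stands in for the authenticator's asymmetric signature so the script runs on the standard library alone. What it shows is that the browser-supplied `origin` and the server-issued `challenge` inside the signed client data are what make a passkey assertion unusable when relayed from another site, whereas a plain code carries no such binding.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Constructed relying-party origin and a lookalike origin used in the simulation.
RP_ORIGIN = "https://bank.example"
LOOKALIKE_ORIGIN = "https://bank-example.evil"


@dataclass
class Credential:
    credential_id: str
    key: bytes  # stand-in for the authenticator's key pair (real WebAuthn uses ECDSA/EdDSA)


class RelyingParty:
    """Minimal server side: registers credentials, issues challenges, verifies assertions."""

    def __init__(self, origin: str):
        self.origin = origin
        self.credentials = {}   # credential_id -> key
        self.pending = set()    # outstanding login challenges (single use)
        self.otp_codes = set()  # outstanding one-time codes (single use)

    def register(self, cred: Credential) -> None:
        self.credentials[cred.credential_id] = cred.key

    def begin_login(self) -> str:
        challenge = secrets.token_urlsafe(32)
        self.pending.add(challenge)
        return challenge

    def verify_assertion(self, credential_id: str, client_data_json: str, signature: bytes):
        """Return (accepted, reason). Mirrors the checks WebAuthn requires of a relying party."""
        client_data = json.loads(client_data_json)
        if client_data.get("type") != "webauthn.get":
            return False, "wrong type"
        challenge = client_data.get("challenge")
        if challenge not in self.pending:
            return False, "unknown or reused challenge"
        self.pending.discard(challenge)  # a challenge is valid exactly once
        if client_data.get("origin") != self.origin:
            return False, "origin mismatch"  # assertion was produced for another site
        key = self.credentials.get(credential_id)
        if key is None:
            return False, "unknown credential"
        digest = hashlib.sha256(client_data_json.encode()).digest()
        expected = hmac.new(key, digest, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"
        return True, "ok"

    def issue_otp(self) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        self.otp_codes.add(code)
        return code

    def verify_otp(self, code: str) -> bool:
        # Nothing in a bare code identifies where the user typed it.
        if code in self.otp_codes:
            self.otp_codes.discard(code)
            return True
        return False


def sign_assertion(cred: Credential, challenge: str, browser_origin: str):
    """Client side. The browser, not the page script, fills in the origin it is showing."""
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": browser_origin},
        sort_keys=True, separators=(",", ":"),
    )
    digest = hashlib.sha256(client_data_json.encode()).digest()
    signature = hmac.new(cred.key, digest, hashlib.sha256).digest()
    return client_data_json, signature


def setup():
    rp = RelyingParty(RP_ORIGIN)
    cred = Credential(credential_id="cred-1", key=secrets.token_bytes(32))
    rp.register(cred)
    return rp, cred


def passkey_login(rp: RelyingParty, cred: Credential, browser_origin: str):
    """Full round trip: challenge from the RP, assertion made in the given browser origin."""
    challenge = rp.begin_login()  # a proxy can relay this challenge unchanged
    client_data_json, signature = sign_assertion(cred, challenge, browser_origin)
    return rp.verify_assertion(cred.credential_id, client_data_json, signature)


def relayed_otp_login(rp: RelyingParty) -> bool:
    """The user types a one-time code into a lookalike page; the code is forwarded unchanged."""
    code = rp.issue_otp()
    forwarded_code = code  # nothing binds the code to the page that collected it
    return rp.verify_otp(forwarded_code)


if __name__ == "__main__":
    rp, cred = setup()
    print("passkey, genuine origin :", passkey_login(rp, cred, RP_ORIGIN))
    print("passkey, lookalike page :", passkey_login(rp, cred, LOOKALIKE_ORIGIN))
    print("one-time code, relayed  :", relayed_otp_login(rp))
```

Running the script shows the genuine-origin assertion accepted, the lookalike-origin assertion rejected with `origin mismatch` even though the challenge and key were valid, and the relayed one-time code accepted. In a real deployment the relying party also verifies the `rpIdHash` and signature counter in the authenticator data and uses a proper public-key signature; the origin and challenge checks shown here are the ones that give passkeys their phishing resistance.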

Emily Phelps, Director, Cyware follows with this:

   “Passwords alone are not enough to secure accounts and sensitive data. Phishing remains so popular because there is a low barrier to entry and it remains effective. As AI technologies become more commonplace and sophisticated, adopting better security practices will be even more critical than it is today. The reality is no single authentication method is foolproof. Organizations and individuals must adopt multifactor solutions to reduce the risks of phishing attacks. It’s encouraging to see an increase in consumer awareness, but awareness alone does not reduce risk. Multifactor authentication is the minimum we should be requiring to defend against social engineering tactics.”

As far as I am concerned, passwords are dead. And the sooner people realize that and switch to other methods of authentication, the more secure we all will be.
