Ransomware, deep fakes and other AI threats are on the rise according to one of Europe’s leading data security experts Jake Moore.
Once they gain entry, a hacker has approximately just over a minute or 84 seconds to embed themselves in a company’s data network.
That’s the grim prognosis of Jake Moore, one of Europe’s leading data security experts.
“From text and image creation tools, to audio and video generation, the newest wave of cyberattacks is AI-supercharged”
Moore, who was speaking ahead of the annual IRISSCON 2024 conference on 6 November, warns that Irish businesses are vulnerable and need to be wary of cybercriminals lying in wait.
Moore, who is a global cybersecurity advisor at ESET and previously spent 14 years pursuing cybercriminals in the UK police force, said that attackers are willing to spend over 200 days in an organisation’s network, unnoticed, before launching any sort of attack.
“Once a hacker has breached an organisation’s network through unprotected endpoints, like a mobile phone, laptop or IoT device, it takes around one minute, 84 seconds on average, to move laterally and get deeper into the network,” Moore said.
“That is not a lot of time for any network security to react, and, once the harm is done, it takes 73 days, on average, to contain the breach. So, the objective is to prevent the network access in the first place.”
Attack of the clones
Ransomware and phishing attacks remain top threats, according to the ESET software developers. Cybercriminals use AI algorithms to analyse vast amounts of their target segments’ data. They look at social media profiles, online behaviour, recent purchases and other publicly available information to create very personalised phishing and social engineering attacks.
With Artificial Intelligence affecting every single industry, AI obviously benefits cybercriminals too.
“From text and image creation tools, to audio and video generation, the newest wave of cyberattacks is AI supercharged,” Moore warned.
“New defences are needed to protect companies from this next generation of attacks.”
The ESET expert’s work with clients begins with some very telling practical examples of their vulnerabilities. Jake Moore has hacked businesses using AI voice cloning technology, stealing money, completely unnoticed, in minutes.
He has also, in the guise of work, hacked a police station. Having socially engineered his way into the police station, he was able to steal a laptop, break the encryption, hack into the entire network, and change the password of the Head of Professional Standards, without being caught.
Moore also engineered a targeted phishing attack, via LinkedIn, on the CEO of a company, illustrating how easy it is to manipulate people into handing over their account credentials, and data, using hacking tools widely available on the internet, (if you know where to look).
Simple social engineering techniques, like psychological manipulation, tricks users into making security mistakes, or giving away sensitive information, so the criminal can take over their email account, website, or even their life, the cybersecurity pro says.
Deepfakes are getting easier to make and are the next big tool in the social engineer’s toolkit, the cybersecurity sector insists.
“From hacked CCTV to cloned RFID cards, deepfake technology is used to create new identities or to steal the identities of real people,” Moore said.
“Attackers create false documents, or fake their victim’s voice, so they can hack systems, create accounts, get information, or purchase things by pretending to be that person.”
Moore made the comments ahead of the annual Irish Reporting and Information Security Service cybercrime conference (IRISSCON) which takes place in Dublin on 6 November at the Aviva Stadium. The event features expert speakers and delegates from all over the world, as well as the popular Cybersecurity Challenge, testing the skills of would-be hackers to break the system.
From the malicious spread of misinformation, to financial crime, IRISSCON 2024 delegates will hear how deepfake fraud is becoming more sophisticated, and difficult to identify, and how tech security in business can, and must, stay a step ahead of the hackers.
Conference updates and bookings are available on the IRISSCON website
-
Bank of Ireland is welcoming new customers every day – funding investments, working capital and expansions across multiple sectors. To learn more, click here
-
Listen to the ThinkBusiness Podcast for business insights and inspiration. All episodes are here. You can also listen to the Podcast on:
-
Spotify
-
SoundCloud
-
Apple
