AI Attacks: A Growing Threat to Elections, Finances, and Infrastructure
Attackers are increasingly weaponizing AI to disrupt elections, defraud exchanges, and assault critical infrastructure. These threats come from nation-state actors and cybercrime gangs leveraging AI to conduct sophisticated identity-based attacks, funding their operations through these illicit activities.
The Rise of AI-Driven Identity Attacks
The attackers' tactics include phishing, social engineering, and taking over passwords and privileged access credentials to perpetrate synthetic identity fraud against financial institutions, retailers, and e-commerce merchants. With identity theft serving as their primary revenue source, nation-state attackers are doubling down on AI, causing synthetic identity fraud to surge by 14.2% year-over-year.
Financial institutions are now facing $3.1 billion in potential losses from suspected synthetic identity fraud related to U.S. auto loans, bank credit cards, retail credit cards, and unsecured personal loans—the highest levels recorded. TransUnion reports that nearly 14% of newly created global digital accounts last year contained suspected digital fraud, with industries like retail, travel, leisure, and video gaming bearing the brunt.
Deepfakes: The Cutting Edge of AI Attacks
Deepfakes represent the forefront of AI-driven identity threats, with their usage skyrocketing by 3,000% last year. This trend is expected to escalate by 50-60% in 2024, potentially resulting in 140,000-150,000 deepfake incidents worldwide. Last year, nearly 20% of synthetic identity fraud cases involved deepfakes, making them the fastest-growing category of weaponized AI. Attackers are continuously refining their skills, utilizing advanced AI applications and multimedia editing techniques. Deepfake-associated identity fraud attempts are projected to hit 50,000 this year.
The Department of Homeland Security has released a guide emphasizing the escalating threat of deepfake identities, highlighting the urgent need for vigilance.
Organizational Preparedness Against AI Threats
Despite the alarming rise of AI-driven identity attacks, many organizations remain unprepared. According to Ivanti’s 2024 State of Cybersecurity Report, one in three organizations lack a documented strategy to counter generative AI threats. A staggering 74% of organizations report experiencing the impact of AI-powered threats, with 89% anticipating a growing trend. Most CISO, CIO, and IT leaders express concern about their organizations' readiness, with 60% fearing inadequate defenses against these evolving threats, particularly in phishing, malware, ransomware, and API vulnerabilities.
Budgeting for AI-Based Threats
Ping Identity's report, "Fighting The Next Major Digital Threat," highlights the widespread unpreparedness for AI-powered identity attacks. "AI-powered cyber threats and identity attacks are about to explode," writes Jamie Smith, co-author of the report, noting that over 40% of businesses expect a significant increase in fraud next year. In response, 95% of organizations are expanding their budgets to combat these emerging threats.
However, despite the rapid escalation of identity attacks, many organizations are not fully utilizing the latest protective technologies. Only 49% employ one-time passcode authentication, and just 45% adopt two-factor or multifactor authentication (MFA). CISOs have noted that MFA is a viable solution, especially within a broader zero-trust framework. Additionally, 44% of security leaders implement biometrics or behavioral biometrics.
Enhancing User Experience while Strengthening Security
Organizations face the challenge of fortifying their identity and access management (IAM) and privileged access management (PAM) systems without compromising user experience. Experts assert that effective cybersecurity measures should be seamless for users.
The shift toward passwordless authentication technologies is gaining traction, aiming to thwart AI-driven attacks and make credential theft more challenging. Gartner predicts that by next year, 50% of the workforce and 20% of customer authentication transactions will occur without passwords. APIs, biometrics, and passwordless technologies are emerging as robust alternatives.
Leading passwordless authentication solutions include Microsoft Azure Active Directory, OneLogin, Thales SafeNet Trusted Access, and Windows Hello for Business. Notably, Ivanti’s Zero Sign-On (ZSO) combines passwordless authentication with a zero trust framework to enhance user experiences while eliminating passwords and integrating biometric authentication.
Integrating APIs for Enhanced Security
Utilizing application programming interfaces (APIs) to streamline verification processes is also crucial. Telesign is developing AI-enabled APIs to consolidate verification channels into a unified solution. Their Verify API has quickly evolved to integrate seven leading user verification channels, improving security and reducing fraud through real-time detection and assessment.
Telesign CEO Christophe Van de Weyer emphasizes the importance of onboarding processes that verify customer identities to prevent fraud effectively. The Verify API utilizes AI and machine learning to strengthen identity protection, allowing businesses to select the most secure and user-friendly verification channels seamlessly.
Understanding the Stakes: Identity Ownership
Controlling digital identities is vital for organizations, as stolen credentials and synthetic identities fund operations for nation-state actors and cybercrime organizations. As deepfakes become more prevalent, organizations must identify vulnerabilities in their identity management processes to avoid falling victim to the evolving tactics of AI-driven threats.
Ranking
