AI bolsters security response times, reveals ReliaQuest report
An annual threat report by ReliaQuest has revealed that artificial intelligence (AI) and automation technologies are instrumental in organisations responding to security incidents "up to 99% faster than last year".
According to the report, the majority of cyber attacks against organisations are conducted through social engineering of employees, with criminals utilising innovative methods including AI to strengthen their techniques. On the defensive side, the deployment of AI and automation has allowed organisations to respond to threats in as little as 7 minutes.
ReliaQuest's report highlights that a staggering 71% of all attacks trick employees via phishing. Specifically, a 51% spike in QR code phishing was reported last year compared to the previous eight months. This shift signals an accelerating attacker preference for attacks that rely on social engineering and user interaction.
In parallel, cybercriminal forums are showing increasing interest in weaponising AI systems. Specific sections within these forums are dedicated to AI and machine learning, painting an alarming picture of criminal alternatives to mainstream chatbots. For instance, FraudGPT and WormGPT hint at the development of simple malware and distributed denial of service (DDoS) queries using these options.
Conversely, AI-powered automation has also significantly bolstered defensive capabilities among organisations. Organisations employing AI and automated workflows have managed to cut down their Mean Time to Respond (MTTR) from an average of 2.3 days to 58 minutes. For organisations that have fully integrated AI and automation, the response time has been reduced to an impressive 7 minutes or less.
The report states that financial theft remained the primary objective for criminals in 2023, contributing to 88% of customer incidents. Extortion activity saw a substantial surge of 74%, with a record-breaking 4,819 compromised entities named on ransomware groups' data-leak websites. To put this in perspective, LockBit alone accounted for 1,000-plus entities.
The study also shed light on significant threats from suspected nation-state actors employing "living off the land" (LotL) techniques. These defence-evasion strategies rely on techniques such as log clearing and the abuse of PowerShell. Such techniques allow attackers to blend into a company's environment, giving the threat group prolonged access.
Michael McPherson, Senior Vice President of Technical Operations at ReliaQuest, commented, "As the threat continues to evolve, defenders must stay agile, using AI and automation to keep pace with the latest attack techniques. Time is the enemy in cybersecurity." He further highlighted that companies need to maximise visibility across their networks and beyond the endpoint, fully leverage AI and automation to make better use of their own data, and equip their teams with the latest threat intelligence.
The ReliaQuest Annual Threat Report provides detailed remediation advice, including specific sections on preventing Business Email Compromise (BEC) attempts, ransomware attacks, social engineering and multifactor authentication (MFA) abuse. The report also offers guidance on addressing malware-free activity and on staying up to date with the latest tactics, techniques and procedures (TTPs).