Identity theft, AI and deep fakes

B2B Cyber ​​Security ShortNews

Share post

In the last year, credential interception attacks, such as those exploiting the Citrix NetScaler vulnerability, have resulted in cybercriminal groups having millions of potential logins. In 2024, the number of cyberattacks using stolen or fake digital identities will continue to rise.

This circumstance is likely to cause massive problems again in many German companies in 2024. Cybercriminals rely on companies using a wide variety of cloud infrastructures and solutions and thereby losing track of their access and access authorizations. To protect themselves from a flood of cloud-based user account takeovers, organizations must increase the visibility and resilience of their cloud environments. You need to detect stolen or fake identity attacks before they become a security incident.

NIS2 sets new security standards

On December 14, 2022, the EU Parliament and EU Council adopted Directive 2022/2555, also known as NIS2. In the coming months, the European national legislators will transpose the EU directive into national law and provide specifications and details. Estimates currently assume that around 30.000 German companies will be affected - of which only around 40 percent currently have NIS2-compliant insurance. Cloud infrastructures are also affected by the new requirements.

Optimizing phishing attacks with AI

After the initial wave of hype last year, many companies tested the use of Large Language Models (LLMs). But if you take a closer look at this trend, it becomes clear that the initial curiosity will soon fizzle out. LLMs are generally difficult to use because they are not (yet) able to recognize context or provide reliable results. So widespread use of LLMs will decline in 2024 and companies will limit their use until the technology is more mature and easier to use. Cyber ​​criminals face similar problems. It is therefore unlikely that AI will be used on a large scale to generate malicious code in 2024. It is more likely that cybercriminals will continue to use generative AI to generate photo, audio and video deep fakes.

False positive attack reports flood alerts

Combined with the use of AI-supported attacks on user account data, it can be assumed that hybrid attack techniques will also continue to gain in popularity. These can be recognized by modern IT security tools, but they must also be equipped with the appropriate rules. More attack techniques mean more security rules - and therefore more warning messages that have to be processed daily. Management will quickly push IT security teams to their limits. IT decision-makers are therefore well advised to look for an effective, AI-supported attack signal intelligence solution that allows security employees to focus on what is important – protecting business operations.

More at


About Vectra

Vectra is a leading provider of threat detection and response for hybrid and multi-cloud enterprises. The Vectra platform uses AI to quickly detect threats in the public cloud, identity and SaaS applications, and data centers. Only Vectra optimizes AI to recognize attacker methods - the TTPs (Tactics, Techniques and Processes) that underlie all attacks - rather than simply alerting on "different".


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more