Press Release
BlueVoyant Research Illuminates Latest Cyber Attack Techniques and Best Defense Practices
February 8, 2024
The most recent cyber criminal tactics include using generative AI for phishing, online advertisements as an attack vector, and continued quicker exploitation of new vulnerabilities
NEW YORK, February 8, 2024 — BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks today released the findings of its second external cyber defense trends report, which highlights the new risks organizations face from outside the traditional IT perimeters.
“Organizations’ attack surfaces are ever expanding, and cyber threat actors are adapting their strategies to exploit new avenues of vulnerabilities,” said Joel Molinoff, BlueVoyant’s global head of supply chain defense. “BlueVoyant undertook this research to shine a light on the attack vectors organizations need to be aware of and recommended actions to help prevent the latest threats.”
Artificial Intelligence (AI) is transforming how enterprises do business with the ability to generate content efficiently. Cyber criminals are also capitalizing on AI to create more effective phishing campaigns.
“The biggest cybersecurity risk from the increasing use of AI tools is an escalated volume of attacks,” said Ron Feler, BlueVoyant’s global head of threat intelligence. “While the essentials of the attacks don’t change, the increased number and diversity of attacks make defenders’ jobs more challenging.”
The report’s key findings focus on:
- Online Ads as an Attack Vector: BlueVoyant’s threat intelligence has observed threat actors using search engine ads as phishing distribution vectors to lure unsuspecting victims to malicious websites impersonating large financial institutions in the United States, United Kingdom, and Eastern Europe.
- Cyber Criminals’ Use of AI: While AI does not fundamentally change the way threat actors levy attacks, security teams should be aware of how their adversaries are using it to streamline their workflow and make brand abuse easier.
- The Need for Better Email Security: Many organizations are not enabling all key components that secure the authenticity and integrity of the messages, which could leave them susceptible to email-based threats.
- The Continued Need to Patch Quicker: In the first report, BlueVoyant found that organizations were often slow to patch systems even as attackers were exploiting new vulnerabilities faster. Now, the exploitation of vulnerabilities is happening even faster, prompting a high-stakes race between threat actors and defenders after a disclosure.
The research was completed using trend data queries from BlueVoyant’s Supply Chain Defense and Digital Risk Protection solutions.
Supply Chain Defense is a fully-managed solution that continuously monitors clients’ vendors, suppliers, and other third parties for any vulnerabilities, and then works with those third parties to quickly resolve issues. The platform identifies enterprises’ internet-facing software vulnerabilities and other exploitable opportunities with techniques similar to those used by external cyber attackers while profiling prospective targets.
Digital Risk Protection goes outside the wire to find threats against clients, employees and business partners on the clear, deep, and dark web, plus instant messaging applications. The platform has unique access to DNS data sets and cyber crime channels to find the latest cyber attacker techniques, tactics, and procedures, and to provide unlimited external remediation to help prevent financial loss and reputation damage.
Learn more about external threats and how to reduce risk in the BlueVoyant research report: “External Cyber Defense Trends.”
About BlueVoyant
BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based cloud-native cyber security solution by continuously monitoring your network, endpoints, attack surface, and supply chain, as well as the clear, deep, and dark web for threats. The full-spectrum cyber defense products and services illuminate, validate, and quickly remediate threats to protect your enterprise. BlueVoyant leverages both machine-learning-driven automation and human-led expertise to deliver industry-leading cyber security to more than 900 clients across the globe.
BlueVoyant Press Contact:
Jennifer Schlesinger