Cybersecurity and the AI Threat Landscape
Key insights, emerging tactics,

Executive Summary

Preface
We hope you find this report both informative and practical. If you have any feedback or would like to share suggestions for future research, we’d be grateful to hear from you. Your input helps

Contents

Credential leaks
90%
78% of breached companies had corporate credentials leaked in a stealer log within
of breached companies had corporate credentials previously leaked in a stealer log
Microsoft observed that password-based attacks make up over 99% of the 600 million

Identity attack trends
Phishing and social engineering
For every human identity, there are approximately 46 non-human identities according to a Delinea-
According to SlashNext, in 2024, there was a 202% increase in
Non-human identities
Deepfakes
According to a recent report by Semperis, Active
MFA’s role in major attacks
Attacks targeting Active Directory
Targeting IDPS

Major identity attacks
The Midnight Blizzard attack
3.9% of all observed login attempts to Identity Provider (IDP) systems in 2024 were malicious attacks
Deepfake fraud: $25 million heist highlights growing cyber threats
Exploiting identity systems
Snowflake breach impacting multiple organizations
BlackCat ransomware attack on Citrix Systems
The Internet Archive breach

Ransomware
Most targeted countries
Most targeted industries
WHITEPAPER
The top 5 ransomware groups
Monthly activity stats

1|RansomHub

2|LockBit
Operating on a Ransomware-as-a-Service (RaaS) model since 2019, LockBit is one of the most prolific ransomware groups globally. It allows affiliates to use its tools in exchange for a share of the profits. LockBit is known

3|Play
Also known as PlayCrypt, this group has been active since mid-2022. Play uses a double extortion model, encrypting data and threatening to leak it if ransoms are not paid.
It targets businesses and critical infrastructure across North

4|Akira
Akira ransomware appeared in March 2023 and gained notoriety for its aggressive tactics and significant impact on businesses and critical infrastructure. It uses a double

5|Hunters International
Emerging in late 2023, Hunters is believed to be an offshoot of the dismantled Hive ransomware group. It quickly became a significant threat, using techniques and code similar to Hive. Hunters International operates on a RaaS model

Notable major ransomware attacks in 2024
TEG (Ticketek)

Identity-related common vulnerabilities and exposures
Putting identity CVEs in context — an outlook on CVEs in 2024
2024 CVE categorization

CVEs in identity products
1. Complexity of identity systems: Modern identity products
2. Integration with multiple systems: Identity products
4. Increased targeting by attackers: As identity products are
The targeting of identity systems has increased by more than 250%
5. Insufficient security practices: Some identity products

1. Complexity of hybrid and multi-cloud environments: The
Identity-related CVEs
2. Evolving threat actors: Cyber criminals are increasingly
3. Increased focus on Privileged Access: With organizations
4. API exploitation: The proliferation of APIs used to
5. Faster vulnerability disclosure and research: As the

Predictions for identity threats in 2025 and beyond

The use of AI in ransomware attacks
• Advanced ransomware groups, including FunkSec-inspired collectives, are expected to increasingly harness AI to enhance and evolve their attack strategies.
AI-powered capabilities will enable attackers to operate with greater
• Rising use of deepfakes in attacks: The use of deepfakes

AI-driven phishing campaigns
• Adaptive encryption strategies: Implementing algorithms
• Dynamic ransom messaging: AI-generated ransom notes

Deepfakes as a tool for identity exploitation
• Hyper-personalized attacks: AI will enable attackers to
• Natural Language Processing (NLP) exploitation:

Targeting non-human identities (NHI)

References
AI-driven exploitation and
1. Breached Identities and Infostealers: One of the Largest Ongoing Data Leaks in History - Flare | Cyber Threat Intel | Digital Risk Protection
2. Microsoft Digital Defense Report 2024
3. SlashNext-2024-Phishing-Intelligence-Report.pdf
4. Entro Labs
5. https://www.natoma.id/blog/what-are-non-human-identities
6. Clutch - Securing Non-Human Identities. Everywhere.
• Phishing email generation: Using ChatGPT-like models
7. What are non-human identities
8. Non-Human Identities most common questions: What It Is, Why It Matters, and How to Manage It
• AI-driven malware: Adapting in real time to evade
9. A Human’s Guide to Non-Human Identities (NHIs)
10. Entrust Official Website
11. The Top 5 Must-Read Analyst Reports of 2024 for Identity Verification and Cybersecurity Experts | iProov
• Over 50% reduction in attack execution time due to AI.
• Increased sophistication in campaigns targeting both
12. Active Directory Forest Recovery - Semperis
13. How are attackers trying to bypass MFA?

Delinea is a pioneer in securing identities through cent