AI-Powered Cyberattacks Accelerate
Cybercriminals are increasingly using AI to escalate attacks by exploiting basic security gaps in enterprise systems, according to a new report from IBM. A separate study from Experian warns that fraud attacks are outpacing business defenses, while Group-IB identifies identity compromise via phishing as the primary gateway for supply-chain attacks on financial services.
- Phishing constitutes a significant portion of email-based threats, with one report indicating it makes up 83% of such threats. Generative AI is increasingly used to create sophisticated phishing emails, with one analysis finding that over 73% of phishing emails in 2024 involved some form of AI. - The speed and irrevocable nature of real-time payment (RTP) networks like FedNow and The Clearing House's RTPĀ® introduce new fraud vulnerabilities. To counter this, network-level fraud solutions are being developed, and financial institutions are urged to enhance their "Know Your Customer" (KYC) protocols. - Digital identity verification is a critical defense, using technologies like biometric verification and liveness detection during account creation and high-risk transactions to prevent fraud. AI-driven tools can analyze facial recognition, documents, and behavioral patterns to strengthen authentication. - Supply chain attacks remain a major threat to the financial sector, which, despite having better security monitoring than other industries, is still exposed to the vulnerabilities of its vendors. One report indicated that suppliers to financial firms underperformed on 16 of 22 cybersecurity risk vectors compared to the financial firms themselves. - Globally, regulators are increasing their focus on AI governance in financial services, emphasizing transparency, fairness, and accountability. In the UK, the Financial Conduct Authority (FCA) has launched initiatives like an "AI Input Zone" to gather feedback and has warned that AI amplifying bias could lead to poor consumer outcomes. - While The Clearing House's RTP network has a greater account reach, FedNow is seeing rapid adoption due to existing relationships with U.S. banks. The RTP network is set to raise its transaction limit, which will open it up to more large B2B and corporate transactions. - Cybercriminals are operationalizing AI not just for phishing but across multiple stages of attacks, including reconnaissance and even managing ransomware negotiations. This has led to a surge in attacks on collaboration platforms like Slack and Teams, which are now seen as secondary attack channels. - Financial institutions are leveraging AI and machine learning for fraud detection by analyzing vast datasets to distinguish between legitimate and suspicious activities. This includes using behavioral biometrics, such as keystroke analysis, to identify anomalies during user interactions with banking apps.
