The growing threat of AI-driven cybercrime and prevention strategies

In recent years, the integration of artificial intelligence (AI) into cybercrime has significantly increased both the frequency and effectiveness of attacks. Cybercriminals are leveraging AI tools, including large language models (LLMs), to automate and enhance their malicious activities. Here we explore how AI is being used in cybercrime, with a focus on automated phishing, password spraying, and vishing, while also providing strategies to mitigate these threats.

Automated Phishing

Phishing is a cyberattack method where attackers send fraudulent messages to trick individuals into revealing sensitive information. AI has made phishing attacks more sophisticated and personalized by analysing vast amounts of data to craft highly convincing phishing emails that mimic trusted sources. These emails often feature flawless grammar and dynamic content, making them harder to detect by traditional spam filters. By automating the process, cybercriminals can execute large-scale phishing campaigns with minimal effort.

Prevention Strategies:

  • Deploy advanced email security solutions that use AI to detect and block phishing attempts.
  • Conduct regular training sessions to educate employees on recognizing phishing emails.
  • Implement multi-factor authentication (MFA) to add an additional layer of security.

Password Spraying

Password spraying is a brute-force attack method in which attackers attempt to gain access to multiple accounts by using a single common password across different login attempts. Unlike traditional brute-force attacks that repeatedly try different passwords on a single account, password spraying spreads out these attempts to avoid detection and account lockouts. This technique is particularly effective against organizations with weak password policies.

Prevention Strategies:

  • Enforce strong password policies requiring complex and unique passwords.
  • Monitor login attempts and set up alerts for unusual login patterns.
  • Implement account lockout mechanisms after a certain number of failed login attempts.

Vishing

Vishing, or voice phishing, involves attackers using phone calls to deceive individuals into disclosing personal information. With AI, cybercriminals can enhance vishing attacks by generating realistic voice messages and automating call processes. Voice-altering software and spoofed phone numbers add legitimacy to these scams, increasing their effectiveness.

Prevention Strategies:

  • Educate employees and individuals on the risks of vishing and how to recognize suspicious calls.
  • Use caller ID verification tools to detect and block spoofed numbers.
  • Encourage secure communication channels for sharing sensitive information.

Mitigating AI-Driven Cybercrime

To counter the increasing threat of AI-powered cyberattacks, organizations and individuals must adopt proactive security measures:

  • AI-Based Security Solutions: Utilise AI-powered cybersecurity tools capable of detecting and responding to threats in real time by analysing patterns and identifying anomalies.
  • Continuous Training: Regularly update and train employees on emerging cyber threats and best security practices. Awareness is a key defence against social engineering attacks.
  • Robust Authentication: Implement strong authentication measures such as MFA and biometric verification to prevent unauthorized access.
  • Regular Audits: Conduct security audits and vulnerability assessments to identify and address weaknesses in your systems.

By understanding how cybercriminals exploit AI and taking proactive steps to prevent such attacks, individuals and organizations can better protect themselves in an evolving cybersecurity landscape.

Looking to simplify your purchasing and reduce the hassle of managing multiple suppliers?

We are now able to offer a single point of contact for all your technology needs including copiers and printers, document automation software, cybersecurity, IT support, IP phones and leased lines.Reduce number of suppliers

What are the benefits of reducing the number of suppliers?

Cost Savings

Reduced Administrative Costs: Managing fewer suppliers reduces administrative overhead associated with procurement processes, invoicing, contract management and communication.

Enhanced Quality and Consistency

Consistent Quality Standards: Reducing the number of suppliers can help ensure more consistent product or service quality. This is because fewer suppliers can be managed more closely to meet specific quality standards.

Simplified Logistics: Managing fewer suppliers simplifies logistics, making supply chain management more efficient, agile and less prone to errors or delays.

Reduced Risks

Minimised Supplier Risk: With fewer suppliers to manage, companies can more effectively assess and mitigate risks such as financial instability, compliance issues or ethical concerns.

Compliance and Sustainability

Easier Compliance Management: With fewer suppliers, it is easier to manage and enforce compliance with regulations, industry standards and company policies.

Sound good? Contact Steve Drayson on 01794 526088 or email s.drayson@aomltd.co.uk.

Your backup routine – top 5 things to consider in protecting your business against ransomware.

Backup securityRansomware encrypts all your data and makes it unusable unless you pay the ransom required. Best way to prepare for such an attack  is to have good quality data you can restore from backup. Here are key things to consider.

1. Review and update backup policies

The best defence against malware is being able to restore data from clean backups. However, backups will only work if they are robust and comprehensive and include all the data. CIOs should order a thorough audit of all business data locations. It is all too easy to miss critical data off a backup plan, whether they are held on local systems or in the cloud.

Best practice for backup remains the 3-2-1 rule: make three copies of data, store across two different forms of media and keep one copy off-site. To protect against ransomware, the offsite backup should be isolated from the business network.

2. Air gap business data

Cloud storage is an attractive technology to store long-term data backups, and in some quarters it has replaced physical backup media such as optical disks, portable hard drives and tape. It protects data from physical disruption, such as hardware or power failures, or fire and flood, but it will not automatically protect against ransomware. Cloud storage is vulnerable on two fronts: through connections to customer networks, and because it is shared infrastructure.

Ransomware can take out backup systems, which are the last line of defence against data loss.

The solution is to supplement cloud backups with tape or other mechanical backup media. Cloud can be the offsite copy, but keeping another dataset on tape, and keeping those tapes strictly offline, is the most reliable way to “air gap” data from a ransomware attack.

3. Make regular backups and review retention policies

It should go without saying that organisations should back up their data regularly.

Again, CIOs should review policies for frequency of backups, especially how often data is backed up to off-site locations (including the cloud) and mechanically separated media, such as tape. It might be that more frequent backups are needed.

IT teams should also review how long they keep backups, especially their air-gapped media. Ransomware often uses time delays to avoid detection, or “attack loops” to target apparently clean systems.

Organisations might need to go back through several generations of backups to find clean copies, requiring longer retention and, possibly, more copies. Keeping separate backups for critical business systems should also make recovery easier.

4. Ensure backups are clean and robust

Ensuring backups are free of malware is hard, but organisations should do as much as they can to make sure their backups are not infected.

As well as strict air-gap policies – such as taking media offline as quickly as possible – up-to-date malware detection tools are essential, as is system patching.

For extra protection, companies should consider write once read many (WORM) media such as optical disks, or tape configured as WORM. Some suppliers now market WORM-format cloud storage.

5. Test and plan

All backup and recovery plans need to be tested. This is critical to calculate recovery times – and establishing whether data can be recovered at all.

Using air-gapped, off-site media is best practice, but how long will it take to restore systems? Which systems are the priority for recovery? And will firms need separated, clean networks for recovery purposes?

CIOs should test all phases of the recovery plan, ideally using duplicate media. The worst scenario would be for a recovery exercise to contaminate existing, clean backups.

To stop ransomware you should also consider RC from Bullwall, last line of defence containment software. This will stop the ransomware attack and protect your data without the need to restore it from a backup.

Call Martyn on 01794 526088 to find out more.

Read the full article here Top five ways backup can protect against ransomware | Computer Weekly

Six ways to defend your company against a ransomware attack

Ransomware criminalRansomware – cyber extortion that occurs when malicious software infiltrates your computer systems and encrypts your data, holding it hostage until the victim pays a ransom. Failing to pay the ransom will result in the data being published online and extensive downtime. The likelihood of ransomware attacks can be reduced using a plan covering these actions:

1. Conduct risk assessments and penetration tests to determine the attack surface and current state of security resilience and preparedness in terms of tools, processes and skills.

2. Establish processes and compliance procedures that involve key decision makers in the organisation, even before preparing for the technical response to a ransomware attack.

3. Conduct frequent exercises and drills to ensure that systems are always able to detect the attacks.

4. Back up not only the data but also every non-standard application and its supporting IT infrastructure. Maintain frequent and reliable backup and recovery capabilities. If online backups are used, ensure they cannot become encrypted by ransomware.

5. Restrict permissions and deny unauthorised access to devices. Remove local administrator rights from end users and block application installation by standard users, replacing this with a centrally managed software distribution facility.

6. Research government and regional authorities that have provided guidelines on how organisations can fortify their IT infrastructure against ransomware.

Another layer of protection would be to implement anti-ransomware software RC from Bullwall. It is an innovative, last line of defence software which protects your confidential data against ransomware attacks from any user on any device. It provides a complete 24/7 containment solution.

Contact Martyn to book a demo on 01794 526088 or email  m.pegram@aomltd.co.uk

Source: ‘6 Ways to Defend Against a Ransomware Attack’, Gartner

Window Warehouse boosts their cybersecurity and protects their business from ransomware

Based in Portsmouth, Window Warehouse is the south coast’s leading manufacturer of quality uPVC and aluminium windows and doors to the domestic and commercial sectors.

Many large corporations spend millions on cybersecurity and still get attacked by cyber criminals, their private data encrypted, stolen and used for ransom. Experts agree that it is no longer a question of if, but when you get targeted. A business needs to take every precaution they can in building strong perimeter and end point defences, however, they also need to plan for when there is a breach and how to manage it. 

Andy Bulcock, IT Manager at Window Warehouse explained: “We are always looking at ways in which we can strengthen our cybersecurity defences. Since ransomware attacks have become more frequent across all business sectors, we knew we needed to invest in an effective solution which would neutralise this specific threat. As a business we have grown in size in the last few years and now have more users to protect. After extensive research we have selected RansomCare which was implemented by our technology partner Allied Office Machines.” 

RansomCare(RC) is a cost effective and easy to install solution from BullWall. It is an innovative, last line of defence software which protects your confidential data against ransomware attacks from any user on any device. It provides a complete 24/7 containment solution. 

Steve Drayson, MD at Allied Office Machines added: “Allied Office Machines have been working closely with Window Warehouse for the last ten years in supplying and maintaining their printers and copiers. We view our relationship with all our clients as a long-term partnership to understand the business and add value. Supplying another layer of protection to their cybersecurity will help to safeguard their company for the future.” 

Photo – Remi Cake from Window Warehouse and Martyn Pegram from Allied Office Machines