Proteus

Super interesting stats from the CrowdStrike threat report that just came out. Vishing went up by more than 400% in the last half of the year. Access to generative AI tools to make voice calls is exploding and is resulting in massive risk for organizations. We are seeing enterprises respond in the following ways: 1. Implement phishing resistant MFA controls that do not use any shareable credentials. Demo video here - https://lnkd.in/dnbR4yEt 2. Implement secure identity verification for employees instead of relying on helpdesk. Demo video here - https://lnkd.in/eUPNrAUk

The FBI has issued a warning for all Gmail users: Threat actors are using AI-generated phone calls to impersonate Google, claiming your account has been compromised. They’ll send you a code, pretending it’s for security, but in reality, it grants them full access to your account. Remember—Google will never send verification codes this way or share personal details via email. Protect yourself now by enabling Multi-Factor Authentication. https://lnkd.in/eU6KEcUt Christopher Hadnagy #CyberSecurity #InfoSec #MultiFactorAuthentication #StaySafeOnline #PhishingAlert #GmailSecurity #AIThreats #AccountSecurity #DigitalSafety

Another day, another $18.5 million lost to deepfake voice fraud — once again in Hong Kong. This is just the tip of the iceberg. Research predicts AI-enabled fraud losses could hit $40B by 2027 — and that's just in the U.S. All at a time when more than half of C-suite executives expect deepfake attacks to target their finances. Traditional security measures are no match for deepfakes. Risk-averse organizations are taking action to head off deepfake threats by implementing solutions like Reality Defender, but 62% of CISOs still worry their companies are still not taking the threat seriously enough. The choice is simple: in today's digital landscape, verifying authentic communication is not a luxury — it's essential for business continuity.

You guys. I know everyone is outraged-out, but the tsunami that AI is going to unleash on us demands our attention. Case in point: The smart people at Cornell recently ran a human subject study on whether language models can successfully spear-phish people. Bottom line: AI was *50 percent better and 50 times cheaper* than the old-fashioned way. Phishing was already a serious problem and these results are deeply troubling. What did they do? They used AI agents built from GPT-4o and Claude 3.5 Sonnet to search the web for available information on a target and use this for highly personalized phishing messages. What did they learn? 1. AI spear-phishing is highly effective, receiving a click-through rate of more than 50%, significantly outperforming our control group. 2. AI-spear phishing is also highly cost-efficient, reducing costs by up to 50 times compared to manual attacks. 3. AI models are highly capable of gathering open-source intelligence. They produce accurate and useful profiles for 88% of targets. Only 4% of the generated profiles contained inaccurate information. 4. Safety guardrails are not a noteworthy barrier for creating phishing mails with any tested model, including Claude 3.5 Sonnet, GPT-4o, and o1-preview. Yikes! #GenAI #socialengineering #fraudasaservice #fraudrisk

?? AI has revolutionized cybersecurity, creating both powerful defenses and dangerous new threats. Cybercriminals are leveraging offensive AI to craft hyper-realistic phishing emails, clone voices, and deploy adaptive malware—at a scale that overwhelms traditional defenses. At the same time, organizations are turning to defensive AI to detect anomalies, automate responses, and stay one step ahead in the growing AI arms race. Our latest blog breaks down how AI is transforming cybersecurity on both sides—and why advanced, AI-driven solutions are critical to protecting your organization. Learn more: https://lnkd.in/eKuEiDfJ

OpenAI was targeted by Chinese hackers who sent?malware?to OpenAI employees, according to an intelligence threat?report?the company published on Wednesday.

Recently the FBI and CISA dropped a joint advisory as part of their ongoing #StopRansomware effort, warning about new cyber threats. They're urging organizations to step up their game by installing updates ASAP, using phishing-resistant MFA, and making sure everyone is trained up. With Generative AI making these attacks easier, it's time to rethink our phishing and ransomware defenses. At Token, we recently ran a survey to dig into CISOs perspectives on how they are integrating advanced phishing-resistant MFA strategies to protect their organizations against emerging threats. The insights are pretty eye-opening. Check out the full article on The Hacker News for more details - https://lnkd.in/gUNK6YRa

File-sharing phishing attacks are on the rise – to the tune of 350%. We regularly see these types of attacks (and Abnormal Security stops them), and our latest Threat Report showcases how much of a problem it is. These threats, which exploit legitimate platforms like Dropbox, Docusign, and Google Drive to disguise phishing attacks, have more than tripled over the past year. More about these findings, plus a dive into the uptick of business email compromise, is available in the report here: https://bit.ly/3XGDAI1 #threatreport #cybersecurity #phishing #BEC #VEC

Hey, Network. This is an interesting multi-stage phishing attack whose original URL payload is abusing Calendly, and redirecting to Cloudflare-protected phishing infrastructure. This was missed by 2 different SEGs, and another API vendor, but was detected in real time by Abnormal Security. #emailsecurity, #cybersecurity

2024 State of The Phish Report?- by Proofpoint