AI-Powered Phishing: A Growing Threat Driving Password Alternatives

TL;DR:

  • Phishing attacks are increasing in both frequency and sophistication, as revealed by the FIDO Alliance’s Online Authentication Barometer.
  • Over half of respondents report a rise in suspicious messages and scams, with 52% noting the increased sophistication of phishing techniques, often leveraging AI.
  • Tools like FraudGPT and WormGPT, shared on the dark web, simplify the creation of social engineering attacks, while deepfake voice and video add a new dimension to deception.
  • Passwords, without two-factor authentication, remain the primary method of access, despite vulnerabilities.
  • Negative impacts of legacy authentication methods are on the rise, with users giving up on accessing online services and abandoning purchases.
  • Biometrics emerges as the preferred MFA solution, with growing consumer awareness of FIDO-enabled methods like passkeys.
  • Industry leaders like Google, Apple, and PayPal endorse FIDO-enabled solutions.

Main AI News:

The landscape of online security is shifting dramatically, with phishing attacks on the rise in both frequency and sophistication. The FIDO Alliance's Online Authentication Barometer, published on October 16, 2023, sheds light on this evolving threat.

A staggering 54% of respondents in the FIDO Alliance survey reported an increase in suspicious messages and scams, showcasing the alarming prevalence of phishing attacks. Furthermore, 52% of participants noted that phishing techniques have grown more sophisticated. This escalation can be attributed to threat actors harnessing the power of artificial intelligence to craft and execute phishing schemes effectively.

The report highlights the emergence of tools like FraudGPT and WormGPT, deliberately created for cybercriminal purposes and shared on the dark web. These tools have streamlined the process of devising convincing social engineering attacks, making them more sophisticated and scalable. Adding to the arsenal of cybercriminals, deepfake voice and video technologies are increasingly used to deceive victims into believing they are interacting with trusted individuals.

Passwords Still Rule the Roost

Despite the growing menace of phishing, the use of passwords without two-factor authentication (2FA) remains predominant across various applications. The survey exposes a startling statistic: individuals manually input their passwords an average of nearly four times daily, totaling around 1280 times annually.

Notably, vulnerable passwords are most commonly used to access work computers or accounts, with 37% of respondents opting for this method over multi-factor authentication (MFA). Andrew Shikiar, Executive Director and CMO at FIDO Alliance, underscores the urgency of the situation, stating, “Phishing remains the most utilized and effective cyberattack technique, rendering passwords vulnerable irrespective of their complexity. With easily accessible generative AI tools empowering malicious actors to mount more convincing and scalable attacks, it is imperative for both consumers and service providers to explore non-phishable and frictionless solutions. This shift should prioritize innovation over iterating on inherently flawed legacy authentication methods like passwords and one-time passwords (OTPs).”

Escalating Negative Impacts

The adverse effects stemming from legacy user authentication methods are worsening, with nearly 59% of users admitting to giving up on accessing online services. Additionally, 43% have abandoned purchases in the last 60 days, with these instances occurring nearly four times per month per person—an increase of approximately 15% from the previous year.

Biometrics Leads the Charge

In the quest for secure, non-phishable alternatives, users are increasingly open to adopting innovative solutions. Biometrics emerges as the leading MFA solution, preferred by consumers for its convenience and perceived security. Roger Grimes, a data-driven defense evangelist at cybersecurity awareness company KnowBe4, commends the transition from passwords to MFA solutions but emphasizes the need for phishing-resistant MFA methods, such as FIDO-enabled options.

The survey reveals a notable uptick in consumer awareness regarding FIDO-enabled methods like passkeys, rising from 39% in 2022 to 52% today. The endorsement of such methods by industry giants like Google, Apple, and PayPal further solidifies their credibility.

Research for the FIDO Alliance’s Online Authentication Barometer was conducted by Sapio Research, surveying 10,010 consumers across multiple countries, including the UK, France, Germany, the US, Australia, Singapore, Japan, South Korea, India, and China.

A Glimpse into FIDO Alliance

Established in 2013, the Fast IDentity Online (FIDO) Alliance is a non-profit organization dedicated to developing and maintaining FIDO standards, a set of open, standardized authentication protocols. FIDO authentication, grounded in public key cryptography, offers greater security compared to password-based methods and is more resistant to phishing and other cyberattacks. Its widespread support across web browsers, operating systems, and devices ensures seamless adoption without necessitating hardware or software changes.
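
The phishing resistance described above comes from the signed login response being bound to the website origin the browser actually visited. The following is an added illustration, not code from the FIDO Alliance or the survey report: a simplified WebAuthn-style assertion check in Node.js, where the names bank.example and bank-example.test, the Ed25519 key type and the reduced authenticator data layout are assumptions made for the example.

```javascript
const crypto = require('node:crypto');

// Assumed relying-party values, constructed for this example.
const RP_ID = 'bank.example';
const RP_ORIGIN = 'https://bank.example';
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the authenticator keeps the private key; the site stores only the public key.
function register() {
  return crypto.generateKeyPairSync('ed25519');
}

// Browser + authenticator: the browser, not the user, records the origin it is really on.
function signAssertion(privateKey, challenge, browserOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin: browserOrigin,
  }));
  // Simplified authenticator data: rpIdHash (32 bytes) + flags (1) + counter (4).
  const rpId = new URL(browserOrigin).hostname;
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign(null, signed, privateKey) };
}

// Relying party: every check must pass before the login is accepted.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const clientData = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'bad-type';
  if (clientData.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (clientData.origin !== RP_ORIGIN) return 'bad-origin';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rp-id';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify(null, signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

// Demo: the same key signs on the real site and on a look-alike origin.
const demoKeys = register();
const demoChallenge = crypto.randomBytes(32);
for (const origin of [RP_ORIGIN, 'https://bank-example.test']) {
  const result = verifyAssertion(demoKeys.publicKey, demoChallenge,
    signAssertion(demoKeys.privateKey, demoChallenge, origin));
  console.log(origin, '->', result);
}
```

Unlike a password or OTP, a response produced on the look-alike origin is useless to the real site, and rewriting the origin after signing breaks the signature.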

Conclusion:

The escalating threat of AI-powered phishing demands urgent attention from both consumers and service providers. Passwords, once the standard, are increasingly vulnerable, with significant negative consequences for user experiences. The market is poised for innovation, with biometrics and FIDO-enabled solutions gaining prominence. This shift signifies a growing demand for secure, frictionless authentication methods that can withstand the evolving tactics of cybercriminals. Businesses that prioritize user security and adopt advanced authentication measures are likely to gain a competitive edge in an increasingly perilous digital landscape.
