Account takeover (ATO) remains a persistent attack vector because weak authentication credentials, such as passwords, are gathered by a variety of means including data breaches, phishing, social engineering and malware.
That’s according to Jeremy DโHoinne, VP Analyst at Gartner, who said: โAttackers then leverage bots to automate a barrage of login attempts across a variety of services in the hope that the credentials have been reused on multiple platforms.โ
AI agents will enable automation for more steps in ATO, from social engineering based on deepfake voices, to end-to-end automation of user credential abuses.
Because of this, vendors will introduce products web, app, API and voice channels to detect, monitor and classify interactions involving AI agents.
โIn the face of this evolving threat,ย securityย leaders should expedite the move toward passwordless phishing-resistant MFA,โ saidย Akif Khan, VP Analyst at Gartner. โFor customer use cases in which users may have a choice of authentication options, educate and incentivize users to migrate from passwords to multidevice passkeys where appropriate.โ
Along with ATO, technology-enabled social engineering will also pose a significant threat to corporate cybersecurity. Gartner predicts 40% of social engineering attacks will target executives as well as the broader workforce by 2028. Attackers are now combining social engineering tactics with counterfeit reality techniques, such as deepfake audio and video, to deceive employees during calls.
Although only a few high-profile cases have been reported, these incidents have underscored the credibility of the threat and resulted in substantial financial losses for victim organizations. The challenge of detecting deepfakes is still in its early stages, particularly when applied to the diverse attack surfaces of real-time person-to-person voice and video communications across various platforms.
โOrganizations will have to stay abreast of the market, and adapt procedures and workflows in an attempt to better resist attacks leveraging counterfeit reality techniques,โ saidย Manuel Acosta, Sr. Director Analyst at Gartner. โEducating employees about the evolving threat landscape by using training specific to social engineering with deepfakes is a key step.โ
