KnowBe4 warns of AI, deepfakes in social engineering attacks this year

27th January 2021 By: Schalk Burger - Creamer Media Senior Deputy Editor

Cybersecurity awareness and training solutions company KnowBe4 Africa warns that the volume and sophistication of phishing emails – fraudulent emails designed to steal information and credentials or infect devices with malware – will continue to increase this year.

KnowBe4 Africa content strategy senior VP Anna Collard adds that criminals are likely to start applying artificial intelligence (AI) and new technologies, such as deepfakes, in their social engineering attacks.

She warns, however, that even old-fashioned phishing methods will continue to pay off for criminals because people around the world are distracted and stressed out.

"Further, with the increased dependency on cloud services, there may also be increased risk of cloud jacking attacks – targeted phishing and social engineering attacks with the objective to steal Amazon or Azure administrators’ credentials to take over the victim's cloud infrastructures and accounts."

Similarly, ransomware is also expected to continue to grow in 2021, with attacks that will include extortion schemes threatening to release personal information or other sensitive data.

"A good backup and tested restore will no longer be enough to protect organisations," she adds.

"Coronavirus has forced organisations to move their workforce remotely. We will see a larger investment in remote workers’ security.

"This will probably be a bigger task than most anticipate, requiring a bottom-up review of which security controls are working, and which are not. We will likely see organisations settle on better communication channels, better training and security tools that are less obtrusive to productivity."

Meanwhile, the coming year will be a tipping point for passwords. With advancements in, and adoption of, Fast Identity Online open authentication standards and multifactor authentication, KnowBe4 expects to see an increase in attacks against passwordless technologies.

Consumers will also likely see an increase in WhatsApp and short-message service fraud. Not only will the number of scams increase, but cybercriminals will also become bolder, for example demanding more money and using more forceful and devious techniques to manipulate people into paying, says Collard.

"To stay ahead of the ever-evolving threats, the global information security skills base will need to increase in order to cope. Organisations will have to step up security training and awareness programmes and consumers will have to be made aware of the risks they are facing.

"In Africa, specifically, we need to find solutions to protect mobile banking, which includes users performing financial transactions on their mobile devices. There has been an increase in mobile banking trojans and malicious applications in general, which is concerning when coupled with the lack of awareness among mobile users.

"Cybersecurity has to become everyone's responsibility and this culture must permeate every enterprise to better mitigate risks," she says.