Visa issues cybersecurity warning to merchants

Visa is warning merchants that cyberattacks will become increasingly difficult to detect as cybercriminals increasingly employ generative artificial intelligence (AI) technologies alongside malvertising, search engine optimization (SEO) techniques, and new methods to bypass authentication protocols.

Generative AI platforms such as ChatGPT that make use of advanced language models (ALMs) can produce phishing emails at much higher levels of scale that are free of grammar or spelling errors that an end user might detect. Other AI platforms can generate realistic speech capable of mimicking human emotions and logic, the report notes.

In addition, these platforms can also be used to create both ransomware and file stealer malware that alter their digital signature to first evade detection by cybersecurity tools and then create scripts to generate, for example, SMS notifications.

At the same time, it’s been discovered that cybercriminals are modifying JSON Web Tokens (JWT) to bypass authentication controls in a way that provides a means to access customer data. A coding error in an application programming interface (API) allowed cybercriminals to query and exfiltrate stored payment account data.

Overall, the report finds ransomware incidents increased 62% year-over-year, with March of this year surpassing prior records for most reported ransomware attacks in a single month.

It’s not clear to what degree cybercriminals might be leveraging generative AI to launch cyberattacks but it’s clear the tactics and techniques they employ are evolving once again. Last year it appeared that ransomware attacks might be beginning to decline as organizations become more adept at thwarting them. However, a report published by Coalition, a provider of cybersecurity insurance, notes there was a 12% increase in claims made in the first half of this year driven largely by a spike in ransomware attacks and funds transfer fraud (FTF).

Organizations with more than $100 million in revenue saw both the largest increase (20%) in the number of claims and the total amount of damages (72%) year over year, the report finds.

Cybercriminals are also demanding heftier ransoms, with payment demands increasing to an average of $1.62 million, a 74% increase over the past year, according to the insurance carrier.

Whether that increase in attacks and associated payment demands is the beginning of a surge or a momentary spike remains to be seen but cybersecurity teams would be well advised to prepare for the worst. The only way to effectively combat cyberattacks that leverage AI is to employ cybersecurity tools and platforms that have been infused with AI technologies that make it easier to identify anomalous behavior such as impossible travel login detections from two geographically different locations in rapid succession, anomalies created by unusual activity such as rare or one-off login times, unusual file access patterns, excessive account creations, and communications with known malicious sites.

Defending organizations from cyberattacks is going to undoubtedly become more challenging in the months ahead. The most important thing cybersecurity teams will need to have besides tools capable of thwarting these attacks will be the fortitude needed to persevere as the volume of these attacks only continues to exponentially increase.