I have been considering the above question since I joined BlastWave, and the more I do my research, the more I think it is true. A few articles worth reading:
Both of these articles talk extensively about how hackers and criminals use GenAI to craft better phishing emails and research targets. This results in more effective emails tricking the user because they use the right “voice” of the spoofed identity. They also use the research to reference things that the target of the phishing attack might not realize that an attacker could find out. For example, social media reveals a trip or an activity that can be referenced by email to show an intimate knowledge of the target. This might seem far-fetched for a consumer attack, but a nation-state-sponsored attack on critical infrastructure would try to leverage this ability.
Combine this with the use of GenAI by cybercriminals in attacks resulting in data leaks that include passwords (Even LastPass has suffered data breaches), and we now have an untenable situation for passwords. I accept that the shift in the IT world may take a while to resolve, but there is less time and room for error in the OT world, where a steady stream of hacks has occurred over the last year. The impact of the attacks is growing, and countries worldwide are ramping up their efforts to improve security and attack detection.
With GenAI emerging as a powerful tool for hackers, security solutions that still rely on or promote passwords will eventually fail. MFA that does not rely on passwords must become a best practice for OT environments, or the rise of incidents resulting from credentials leaks will explode in 2024. Even MFA has some issues, but we will talk about that in a future blog ;-)
If you want to learn how to evolve your OT security with a phishing-resistant solution, click here to get a demo of the BlastWave solution.
Experience the simplicity of BlastShield to secure your OT network and legacy infrastructure.