The rise of generative AI offers plenty of promise for efficiencies and productivity, but it’s also a new attack vector for cybercriminals. Resecurity reports that AI agents and conversational platforms are being targeted by attackers. These platforms are a target because of all the data they collect from users. Emerging threats include data exposure and exfiltration of user data, system resource consumption, supply chain attacks and more.
Generative AI security solutions company Pillar Security found a 90% success rate for data threats due to leakage of sensitive data. The information was part of its State of Attacks on GenAI, compiled from the company’s telemetry data tracking generative AI applications.
AI and generative AI are a couple of the topics we’ll cover at MSSP Alert Live in Austin, Oct 14-16. ConnectWise CISO Patrick Beggs will address for the first time publicly how he used AI to help incident response efforts following the ScreenConnect crisis earlier this year. He’ll be joined on stage by the company’s head of PR who will talk about using AI for crisis communications. We’ll also be addressing the market opportunity for AI services, plus we’ll have breakout sessions that take a deeper dive into AI’s application in cybersecurity.
Sound interesting? If you are an MSSP and/or MSP, I can get you a special rate to attend. Get in touch with me at [email protected] and I will hook you up.
And as always, please send your news, tips and insights to me at [email protected].
Today’s MSSP Market Update
1. Ransomware severity rises - Ransomware claims severity spiked by 68% to an average loss of $353,000 even as their frequency as an attack strategy decreased in the first half of the year, according to Coalition’s mid-year report. Coalition calls itself an “Active Insurance” provider because the company offers both cybersecurity insurance and cybersecurity services.
2. GenAI vulnerabilities - Generative AI security solutions company Pillar Security’s State of Attacks on GenAI found a 90% success rate for data threats due to leakage of sensitive data and a 20% success rate for jailbreak attack attempts that bypassed GenAI application guardrails. Data is gathered from the company’s telemetry data from generative AI applications. The report also found that adversaries require an average of 42 seconds to execute an attack and only needed five interactions on average to complete a successful attack.
3. Protecting AI systems from threats - A new blog post from Resecurity says that cybercriminals are targeting AI agents and conversational platforms which collect data from users. Emerging threats include data exposure and exfiltration of user data, system resource consumption, coding logic errors, supply chain risk, and propagation of malicious code.
4. New MSSP partnerships - Abstract Security, which focuses on building AI-enabled security operations announced partnerships with several new MSSPs, saying it has positioned itself as channel friendly, saying the majority of its new business deals come through the channel.
5. New GTM Leader - Aryaka has appointed Chris Ranalli as Chief Revenue Officer. Ranalli will oversee Aryaka’s go-to-market strategy and execution as the company continues to capitalize on the rapidly expanding unified SASE as a Service market.
6. CIOs eye networking and security - A CIO survey from Extreme Networks found that 22% of respondents ranked integrating networking and security as their key concern and 88% said they would prefer a single integrated platform for networking, AI, and security.
7. Financial services vertical's cybersecurity concerns - Are financial services companies prepared for the next cyberattack? Not according to a new study by LevelBlue which reports that 69% of financial services respondents believe cybersecurity is an afterthought in their organizations with another 72% confirming efforts are often siloed. What’s more, 66% of financial services respondents say that cybersecurity resilience initiatives are not sufficiently factored into the organization’s budget with, 85% of saying their budgets are reactive rather than proactive.
8. Phishing alert - New research from Cofense Intelligence identifies a phishing campaign that leverages GitHub links to bypass Secure Email Gateway (SEG) security. The campaign targets taxpayers with promises of tax filing assistance. Recipients are directed to a GitHub link containing malicious malware disguised as tax-related documents. If victims open the "tax documents," Remcos RAT malware will install on their computers, granting threat actors remote access.
9. Platform update adds Microsoft directory support - Netwrix Threat Manager’s most recent update expands the platform capabilities for the cloud environment of Microsoft Entra ID (formerly Azure AD) and on-premises instances of Active Directory (AD).
Looking for more news and a list of industry events? Check out the daily news column on our affiliate site ChannelE2E here.