Combatting AI-backed cyber threats with FIDO2 and advanced authentication

By Josh Blackwelder, Deputy CISO at SentinelOne

With the advent of AI-backed cyber threats, the need for robust digital security has never been more pressing. This is even more imperative for financial services organisations tasked with safeguarding sensitive data, ensuring secure financial transactions, and upholding regulatory compliance to preserve customer trust.

Yet, the continued dependence on passwords emerges as a prime vulnerability. Outdated credential systems, dating back to the early days of the Internet, are leaving organisations exposed to advanced cyber threats powered by AI. Just a single identity breach can lead to the disruption of the entire business, jeopardising the security of the organisation as well as its partners and customers.

Avenues to credential compromise

Although authentication methods have modernised, the alphanumeric password still prevails – and with it the risk of compromising organisational security. Stolen credentials remain the dominant way in: in Verizon's 2023 Data Breach Investigations Report, 86% of breaches in the Basic Web Application Attacks pattern involved the use of stolen credentials.

There are two primary routes to credential compromise – phishing attacks and device compromise.

Phishing attacks powered by AI

Among the organisations that identified any cyber crime in the past twelve months, 89 percent reported phishing attacks. Defending against phishing and other social engineering attacks is no easy task.

With AI, adversaries can craft convincing phishing emails at scale, free of the spelling and grammar mistakes that once gave them away. Attackers can create deceptive emails or texts mimicking the company IT department, luring employees into clicking malicious links with fake prompts for password changes or requests to enter credentials to silence nagging notifications.

AI has significantly lowered the barrier to entry for bad actors, who no longer need sophisticated knowledge or tooling to breach systems – it is easier to trick a victim into handing over login details than to break in.

Unsecured devices

With remote work and personal devices comes increased cyber risk. Identifying and approving all the devices on the network is a constant challenge for IT teams. Usernames, passwords, and two-factor authentication methods are relied on to identify and approve devices.

However, if an attacker obtains a user's login information, they may also be able to defeat the additional authentication step – by intercepting a one-time code or spamming push prompts until one is approved – leaving the network exposed.

And while single sign-on (SSO) reduces the number of credentials users must manage – and that attackers can target – it also concentrates risk. SSO becomes a single point of failure: a compromised identity provider (IdP) session grants access to every application connected to it. In an SSO panel takeover, an attacker who has hijacked the user's IdP session clicks application tiles, and each click creates a fresh session in that application. Those downstream sessions are independent of the IdP session, so revoking the IdP session does not end them; each must be revoked in the application itself.

For example, if the attacker clicks on 20 application tiles, the security team must revoke a session in each of the 20 applications. (At the time of writing, Okta, a provider of identity and access management software, had announced a feature called Universal Logout, due for release later in the year.)

Beyond revoking each application session, the attacker may have established persistence in those applications, such as creating local user accounts that exist outside the IdP. And if the employee held administrative rights in an application, or could set up third-party integrations or file shares, each of those avenues must be investigated in the application's logs, and every malicious action found must be traced and reversed.

Device compromise isn’t just a technical challenge, it’s also a significant operational vulnerability.

Addressing the security gap with FIDO2

FIDO2 is the current open authentication standard from the FIDO Alliance, combining the W3C WebAuthn browser API with the CTAP protocol that lets browsers talk to external authenticators. FIDO stands for Fast Identity Online, but the standard delivers much more than fast authentication. Each site (relying party) gets its own public/private key pair; the private key stays on the user's device, and logging in means signing a fresh challenge issued by the server. With no shared secret to steal, no password to phish and no reusable response, this model removes the risk of credential phishing, password theft and replay attacks.

Many common workplace devices already support FIDO2. Laptops and phones with fingerprint readers or facial recognition act as built-in (platform) authenticators, and external security keys connect over USB, NFC or Bluetooth.

The key advantage is that the cryptographic key is bound to the user's device and unlocked locally with a fingerprint, face or PIN, much as leading smartphones already unlock; the biometric never leaves the device and is never sent to the site. Because login involves no push prompt, no SMS or one-time code and no reusable token, FIDO2 sidesteps push-bombing (MFA fatigue), SIM swap attacks and adversary-in-the-middle phishing kits: the browser records the real origin of the requesting page in the signed data, so an assertion produced on a look-alike site fails verification at the genuine one. Without a valid signature over its own challenge from the registered key, the application grants no access. The keys are also unique to each site, so a user cannot be correlated across the internet, which improves privacy. This is vital for financial services organisations, as it adds a layer of protection for the sensitive data they handle.

Lastly, FIDO2 is convenient for users, and any organisation that has integrated new processes will attest that one deciding factor of successful change depends on how easy new systems and protocols are to use and access.

Stronger authentication to secure endpoints and the cloud

In the age of social engineering and remote devices, adversaries will continue to pursue these lucrative paths to targeting high-value organisations, particularly financial services firms. An essential step in bolstering cybersecurity is closing the gaps created by weak passwords, notoriously reused across multiple applications and devices.

FIDO2 is a timely and crucial solution, offering a reimagined approach to user authentication aimed at safeguarding organisations against today's cyber threats. It offers a passwordless authentication method that addresses the security, convenience, privacy and scalability concerns that traditional passwords fail to address. Closing this vulnerability on corporate devices calls for urgent action from the management level.
