Latest news with #BrettWinterford


Scoop
11 hours ago
- Business
- Scoop
Okta Observes Weaponisation Of AI Tool V0 In Phishing Campaigns
Okta Threat Intelligence has observed threat actors leveraging AI-powered development tools to develop phishing infrastructure with little more than a few natural language prompts.

Okta Threat Intelligence observed a cluster of phishing activity leveraging a generative AI-powered development tool created by Vercel, to develop and host multiple phishing sites that impersonate sign-in pages for legitimate brands, including Okta, Microsoft 365 and cryptocurrency companies. The platform allows users to generate web interfaces using simple natural language prompts. Okta researchers confirmed that attackers are using this capability to rapidly develop convincing phishing pages that spoof well-known brands, increasing the scale, speed and believability of their campaigns.

'This marks an expected turning point in adversarial use of AI,' said Brett Winterford, Vice President at Okta Threat Intelligence. 'We had anticipated we would soon enough see attackers stepping up from using AI to create convincing phishing lures, to now using AI to create the infrastructure that supports phishing campaigns at scale. With these tools, the least skilled adversary can build convincing phishing infrastructure in seconds. This is a wake-up call for every organisation that relies on outdated defences like password-based logins. You can't rely on perimeter defence and awareness campaigns alone to mitigate attacks: you need passwordless solutions that remove the ability of users to submit a credential to an attacker.'

Okta has also observed attackers using public GitHub repositories to clone v0 or build custom generative tools, further democratising access to advanced phishing capabilities.

To defend against AI-generated phishing threats, Okta Threat Intelligence recommends:

- Require phishing-resistant authentication: Deploy and enforce the use of phishing-resistant methods such as Okta FastPass, which cryptographically binds the user to the site they enrolled with.
- Bind access to trusted devices: Use device trust policies to ensure only managed or security-compliant devices can access sensitive applications.
- Trigger step-up authentication for anomalies: Use Okta Behaviour Detection and Network Zones to require additional verification when unusual patterns are detected.
- Update security awareness programs: Educate employees on the evolving sophistication of AI-powered social engineering.

Okta Threat Intelligence is a unit within Okta that develops timely, highly relevant and actionable insights about the threat environment, with a strong focus on identity-based threats. The security contacts at Okta customers can access a detailed security advisory at the Okta Security Trust Center.

Sky News AU
a day ago
- Sky News AU
'These attacks are going to continue': Qantas cyber breach impacts six million
Okta Global Head of Threat Intelligence Brett Winterford has warned organisations data breaches are 'going to continue' after Qantas was targeted in a major cyberattack last week. 'This is an adversary we track very closely, they are a group of young people globally distributed, but mostly in Western countries,' Mr Winterford told Sky News Australia. 'I think organisations need to assume these attacks are going to continue.'

First Post
4 days ago
- Business
- First Post
Thanks to AI, hackers can create phishing sites in just 30 seconds
Hackers are now using AI tools like Vercel's v0 to create phishing websites in under 30 seconds. A new Okta report reveals how generative AI is helping cybercriminals build convincing login pages to steal credentials, escalating phishing threats and challenging traditional cybersecurity defences.

Hackers are now using generative AI tools to rapidly create phishing websites, some in as little as 30 seconds, posing a major cybersecurity risk, according to researchers at identity and access management firm Okta.

What's happening: In a report shared with Axios, Okta revealed that cybercriminals are exploiting v0, a generative AI website builder developed by Vercel, to create fake login pages. One such page was an almost exact copy of Okta's own sign-in portal, potentially allowing attackers to steal user credentials and access sensitive company systems.

Why it matters: This marks the first time Okta has seen AI being used to generate not just phishing messages, but the phishing websites themselves. If attackers had succeeded in their deception, it could have led to major breaches across corporate networks.

How it works: The v0 tool allows anyone to build websites using simple natural-language prompts. Okta researchers demonstrated that a realistic phishing site could be created by simply instructing v0 to 'build a copy of the website Further investigation found similar phishing pages targeting Microsoft 365 and cryptocurrency platforms, all hosted on Vercel's infrastructure.

Threat landscape: Though Okta has not confirmed whether any credentials were actually stolen, the company discovered that attackers quickly created new phishing sites for other tech services during the course of its investigation. Vercel has since taken down the fraudulent websites and is working closely with Okta to introduce abuse-reporting mechanisms on the v0 platform. 'Like any powerful tool, v0 can be misused,' Ty Sbano, Vercel's Chief Information Security Officer, told Axios. 'We're investing in systems and partnerships to detect abuse quickly and ensure v0 serves its intended purpose—helping developers build legitimate web apps.'

Bigger picture: Experts have long warned that generative AI could empower less technically skilled attackers to launch convincing phishing campaigns at scale. Brett Winterford, VP of Threat Intelligence at Okta, cautioned that defenders can't keep up with attackers simply by making small improvements. 'We need to rethink our approach—bad actors are evolving faster than traditional security systems can keep up,' Winterford said.

What's worse: Okta also discovered cloned versions of the v0 tool circulating on GitHub. This means even if Vercel cracks down on misuse, hackers could continue deploying AI-generated phishing websites using offline or repurposed copies of the tool.

The takeaway: Traditional ways of spotting phishing websites, like checking for typos or odd URLs, are quickly becoming obsolete. Okta stresses the urgent need to move toward passwordless security systems, which could be far more resilient against these AI-enhanced attacks.


Axios
5 days ago
- Business
- Axios
Hackers abuse generative AI tool to create phishing sites in 30 seconds
In as little as 30 seconds, hackers are using a popular generative AI development tool to build phishing sites mimicking login pages, according to researchers at identity management company Okta.

Why it matters: At least one of the cloned phishing pages was a replica of Okta's own login portal. If successful, such a lure could have allowed attackers to harvest users' Okta credentials and gain access to sensitive corporate systems.

Driving the news: In a report first shared with Axios, Okta revealed that threat actors have been abusing Vercel's v0 to generate a fake Okta sign-in page. Brett Winterford, vice president of Okta Threat Intelligence, told Axios that this is the first time the company has seen cybercriminals use a generative AI tool to create the phishing infrastructure itself, not just the contents of a phishing email or other lure.

How it works: v0 allows users to create websites using only natural-language prompts. In a video shared with Axios, Okta researchers demonstrated how easily they could create a convincing phishing page simply by prompting v0 to "build a copy of the website While investigating the incident, Okta also uncovered phishing sites hosted on Vercel's platform targeting users of cryptocurrency services and Microsoft 365.

Threat level: Winterford said Okta doesn't have any evidence yet that hackers successfully harvested credentials through these sites. But in the weeks that Okta spent investigating the one instance of a phishing site targeting one of its customers, researchers observed threat actors had used v0 to spin up new sites targeting other tech platforms. Vercel has since removed access to the identified phishing sites and is collaborating with Okta to develop mechanisms for third-party reporting of abuse on the v0 platform. "Like any powerful tool, v0 can be misused," Ty Sbano, CISO at Vercel, told Axios in a statement. "This is an industry-wide challenge, and at Vercel, we're investing in systems and partnerships to catch abuse quickly and keep v0 focused on what it does best: helping people build powerful web apps."

The big picture: Security researchers have long warned that generative AI could accelerate low-sophistication cyberattacks like phishing. "We've got to stop adding to our defensive measures by increment and just tweaking around the edges," Winterford said. "The attackers are going to innovate faster than we can as defenders."

The intrigue: Okta also found cloned versions of the v0 tool circulating on GitHub, meaning hackers could continue generating phishing sites even if Vercel cracks down on abuse.

The bottom line: Okta says the only way to defend against these phishing attacks is to turn to passwordless technologies, noting that the old ways of spotting a phishing website don't apply anymore.