SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Rising cybersecurity threats push shift from passwords to passkeys
Tue, 28th Nov 2023

As cybersecurity threats continue to evolve, passkeys are becoming the frontline defence against malware, replacing traditional passwords with highly secure, phishing-resistant authentication methods, according to Yubico.

Malware, encompassing ransomware, viruses, and spyware, is increasingly used by cybercriminals to gain unauthorised access to networks, compromise data, and disrupt system functionality. Distributing it within files or links, often delivered via email or text message, cybercriminals exploit human error to carry out their attacks.

Ransomware, a particularly notorious variety of malware, locks users out, encrypts their files, and then demands a ransom in cryptocurrency. Organisations large and small are finding themselves ever more frequently in the crosshairs of these sophisticated and damaging attacks.

Recent data from the 2023 Data Breach Investigations Report highlights that 24% of all breaches involve ransomware. The report also found that ransomware was involved in over 62% of incidents connected with organised crime and 59% of cases driven by financial motivations. Over the past year, high-profile targets such as telecommunications provider Optus and health insurance company Medibank were hit by these damaging cyberattacks.

"Hardware-bound passkeys, like those stored on the YubiKey, are an excellent tool for guarding against these increasingly sophisticated malware attacks," states Geoff Schomburgk, Regional Vice President, Asia Pacific & Japan (APJ) at Yubico. He continues, "They represent a significant leap in authentication security. Created using public key cryptography, they make a much stronger fortification than traditional passwords."

Although passkeys are not new, they are finally gaining the widespread recognition they deserve as WebAuthn/FIDO2 credentials that enable passwordless experiences. These credentials are often referred to as 'discoverable credentials' or 'resident credentials'; the term 'passkey' aims to simplify understanding of these more secure, user-friendly authentication alternatives.

In the face of more sophisticated phishing attacks, traditional preventive measures like up-to-date antivirus programs, education about safe online practices, and recovery after a breach are no longer enough. Multi-factor authentication (MFA) is gaining traction as a viable solution to establish user trust and improve security. However, the potency of MFA rests on three key principles: non-reliance on shared secrets, resistance to credential phishing and impersonation, and the combination of scalability and user-friendliness.

Since 2018, YubiKeys by Yubico have been reinforcing strong authentication and protection against phishing and malware using passkeys. When encountering phishing links or suspicious files, YubiKeys prompt users to authenticate, verifying the authenticity of the request. Even when phishing links have legitimate SSL security certificates, this savvy device detects the attempted compromise and withholds authentication.

Schomburgk succinctly encapsulates the power of this technology: "Just as we use a vaccine to prevent the effects of a viral illness, the critical role of authentication hardware in warding off malware and cyberattacks cannot be overstated. It is, in essence, the most potent vaccine against cyber threats. Passkeys, such as those offered by Yubico on the YubiKey, are instrumental in the fight against malware, safeguarding the integrity of online interactions."