The Cutting Edge of AI Cyber Attacks: Deepfake Audio Used to Impersonate Senior Executives

#artificialintelligence

There is a great deal of public concern about deepfakes, most of it centered on the ramifications of being able to quickly and easily face-swap videos. That concern is certainly well-founded, but it may be obscuring an even more immediate threat – deepfake audio. Voice-swapping has already been put to use in at least a handful of artificial intelligence (AI) cyber attacks on businesses, enabling attackers to gain access to corporate networks and convince employees to authorize a money transfer. The primary use of deepfake audio is to enhance a very common type of attack – business email compromise (BEC). A business email compromise attack usually begins with some sort of phishing to gain access to the company network and reconnoiter the payment systems.


Fraudsters deepfake CEO's voice to trick manager into transferring $243,000

#artificialintelligence

It's already getting tough to discern real text from fake, genuine video from deepfake. Now, it appears that use of fake voice tech is on the rise too. That's according to the Wall Street Journal, which reported the first ever case of AI-based voice fraud -- aka vishing (short for "voice phishing") -- that cost a company $243,000. Don't miss Hard Fork Summit in Amsterdam In a sign that audio deepfakes are becoming eerily accurate, criminals sought the help of commercially available voice-generating AI software to impersonate the boss of a German parent company that owns a UK-based energy firm. They then tricked the latter's chief executive into urgently wiring said funds to a Hungarian supplier in an hour, with guarantees that the transfer would be reimbursed immediately.


Fraudsters deepfake CEO's voice to trick manager into transferring $243,000

#artificialintelligence

It's already getting tough to discern real text from fake, genuine video from deepfake. Now, it appears that use of fake voice tech is on the rise too. That's according to the Wall Street Journal, which reported a case of voice fraud -- aka vishing (short for "voice phishing") -- that cost a company $243,000. Find out at TNW's Hard Fork Summit In March, criminals sought the help of commercially available voice-generating AI software to impersonate the boss of a German parent company that owns a UK-based energy firm. They then tricked the latter's chief executive into urgently wiring said funds to a Hungarian supplier in an hour, with guarantees that the transfer would be reimbursed immediately.


3 Biggest Cyber Security Mistakes By Employees, How To Protect Against Them

International Business Times

Companies and organizations are investing more and more money into cyber security defenses to protect against targeted attacks and widespread malware outbreaks alike. The good news is the spending spree on defenses seems to be working. A recent report found retailers were spending more on cyber defenses and seeing fewer breaches. The bad news is there is one vulnerability that can never fully be fixed: humans. Read: Data Breaches Down For U.S. Retailers As Concern Of Attacks Increase While system vulnerabilities can be patched and security suites can be upgraded, people will always carry a certain level of risk, in part due to unavoidable human error and in part because they haven't been taught proper security protocols to avoid common pitfalls.


Researchers develop machine learning-based detector that stops lateral phishing attacks - Help Net Security

#artificialintelligence

Lateral phishing attacks – scams targeting users from compromised email accounts within an organization – are becoming an increasing concern in the U.S. Whereas in the past attackers would send phishing scams from email accounts external to an organization, recently there's been an explosion of email-borne scams in which an attackers compromise email accounts within organizations, and then uses those accounts to launch internal phishing emails to fellow employees – the kind of attacks known as lateral phishing. And when a phishing email comes from an internal account, the vast majority of email security systems can't stop it. Existing security systems largely detect cyber attacks that come from the outside, relying on signals like IP and domain reputation, which are ineffective when the email comes from an internal source. Lateral phishing attacks are also costly. FBI data shows that these cyberattacks caused more than $12 billion in losses between 2013-2018.