
Seeing is DEFINITELY Not believing

We used to say seeing is believing. With AI, that is definitely not the case.

Hong Kong police reported that a finance worker at a multinational firm was tricked into paying out $25 million to crooks. He was lured into a Zoom call, supposedly with the company’s CFO and several colleagues. It turned out that everyone on the call other than him was AI generated. He did as the fake CFO directed and paid the crooks $25 million.

The Hong Kong police said they had made six arrests in connection with similar scams.

On at least 20 occasions, AI deepfakes have been used to fool facial recognition programs by imitating the people pictured on stolen or fake identity cards.

In another case, North Korea’s BlueNoroff group used AI deepfakes to push Mac malware through fake Zoom calls. Executives were tricked into installing malware during AI-generated video calls that appeared to come from their own bosses.

In this twist, the fake boss gets the executive to install Mac spyware, targeting crypto firms.

Threat actors are evolving. The APT group, also tracked as TA444, Sapphire Sleet and COPERNICIUM, is using deepfakes of the victims’ own leadership to sell the ruse.

“The use of AI-generated deepfakes in real-time video calls, combined with personalized social engineering, represents a major shift in the sophistication of cyberattacks,” says Randolph Barr, CISO at Cequence.

This particular attack delivered a wide range of Mac malware, including info-stealers, keyloggers and backdoors, showing unusually advanced tradecraft.

Sometimes the initial intrusion is a seemingly benign Google Meet invite.

In another campaign, similar social engineering plus malware tricks job seekers into opening malware-laced files shared by a fake recruiter.

These attacks are really hard to defend against. Enhanced technical defenses against the actual malicious code can help, but these attacks are very sophisticated and have a degree of realism we have not seen before.

These attacks often try to exfiltrate significant amounts of data, and that can certainly trigger alerts if the right monitoring is in place. The malware may also try to move laterally inside the network, and that, too, can be detected with the right monitoring tools.
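To make the two monitoring points above concrete, here is an added example (not code from this post, CNN, or CSO Online) of the kind of logic a network monitoring tool applies to flow records. The flow records, the internal address ranges, the admin ports and the alert thresholds are all constructed assumptions for illustration: one workstation suddenly sends far more data to an external host than its own recent baseline, and another starts reaching many internal hosts over SMB in a single day.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records for illustration (not real traffic):
# (day, src_ip, dst_ip, dst_port, bytes_sent)
SAMPLE_FLOWS = []
# Four baseline days: both workstations send a few MB to external web/cloud hosts,
# and 10.0.1.21 talks to one internal file server over SMB.
for day in range(1, 5):
    SAMPLE_FLOWS += [
        (day, "10.0.1.20", "203.0.113.10", 443, 4_000_000),
        (day, "10.0.1.20", "203.0.113.11", 443, 1_500_000),
        (day, "10.0.1.21", "203.0.113.10", 443, 3_000_000),
        (day, "10.0.1.21", "10.0.1.5", 445, 200_000),
    ]
# Day 5: 10.0.1.20 pushes 2 GB to a previously unseen external host,
# and 10.0.1.21 fans out over SMB to twelve internal hosts.
SAMPLE_FLOWS += [
    (5, "10.0.1.20", "198.51.100.7", 443, 2_000_000_000),
    (5, "10.0.1.21", "203.0.113.10", 443, 3_000_000),
]
SAMPLE_FLOWS += [(5, "10.0.1.21", f"10.0.1.{n}", 445, 20_000) for n in range(30, 42)]

# Assumed organisation-owned address space; a real deployment would load this
# from the asset inventory rather than hard-coding it.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports commonly used for remote administration, where wide fan-out from a
# workstation is unusual.
ADMIN_PORTS = {22, 445, 3389, 5985, 5986}


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_bytes_per_day(flows):
    """Sum bytes sent from each internal host to external hosts, per day."""
    totals = defaultdict(int)
    for day, src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, day)] += nbytes
    return totals


def detect_exfiltration(flows, today, ratio=10.0, floor_bytes=100_000_000):
    """Flag hosts whose outbound volume today exceeds `ratio` times the largest
    daily volume seen on earlier days and also exceeds an absolute floor
    (the floor keeps tiny baselines from producing noise)."""
    totals = external_bytes_per_day(flows)
    alerts = []
    for host in sorted({src for (src, _d) in totals}):
        history = [b for (s, d), b in totals.items() if s == host and d < today]
        if not history:
            continue  # no baseline yet; a real tool would treat new hosts separately
        todays = totals.get((host, today), 0)
        baseline = max(history)
        if todays >= floor_bytes and todays > ratio * baseline:
            alerts.append({"host": host, "bytes_today": todays, "baseline_max": baseline})
    return alerts


def detect_lateral_movement(flows, today, fanout=10):
    """Flag hosts that contact at least `fanout` distinct internal hosts on
    admin ports in one day, a common signature of lateral movement."""
    targets = defaultdict(set)
    for day, src, dst, port, _b in flows:
        if day == today and is_internal(src) and is_internal(dst) and port in ADMIN_PORTS:
            targets[src].add(dst)
    return [{"host": h, "internal_targets": len(t)}
            for h, t in sorted(targets.items()) if len(t) >= fanout]


if __name__ == "__main__":
    for alert in detect_exfiltration(SAMPLE_FLOWS, today=5):
        print("possible exfiltration:", alert)
    for alert in detect_lateral_movement(SAMPLE_FLOWS, today=5):
        print("possible lateral movement:", alert)
```

Both checks are deliberately simple baseline comparisons; the design choice worth noting is that each host is compared against its own history rather than a single global threshold, which is what lets a 2 GB upload stand out from a workstation that normally sends a few megabytes a day. Tuning `ratio`, `floor_bytes` and `fanout` against real traffic is where most of the practical effort goes.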

If you are concerned and need assistance, please contact us.

Credit: CNN and CSO Online
