Israel’s foremost cyber intelligence bureau, the Israel National Cyber Directorate (INCD) has put out a warning to the world at large.
Apparently, there’s a new type of cyber attack against corporates on the rise, that makes use of artificial intelligence. INCD found a new type of phishing attack which uses AI(Artificial Intelligence) based voice system.
Phishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web site, auction sites, banks, online payment processors or IT administrators. The reach of phishing attacks become wider in recent time and now it becomes more harmful.
Earlier this week, the Israel National Cyber Directorate (INCD) issued a warning of a new type of cyber-attack that leverages artificial intelligence technology to impersonate senior enterprise executives. The method instructs company employees to perform transactions including money transfers and other malicious activity on the network
The main innovation is the attacking software, which learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the Chief Executive Officer (CEO).
The most common types are phishing messages and an invoicing fraud in which the attacker impersonates the vendor, submits an invoice to the company and tries to motivate an employee under time pressure to make a bank transfer, provide information or allow access to the company’s network, informed the Israel National Cyber Directorate (INCD).
In this method, instructions are given to the companies’ staff members to perform transactions such as money transfers, as well as malicious activity on the company’s network. Reports on cyber-attacks of this kind were received at the operations center of the INCD, reports Xinhua.
The new offensive is of the business email compromise (BEC) type — frauds by email against commercial and government organizations to motivate employees using social engineering methods to act for the attacker’s benefit. The method of attack escalates and includes the use of the AI-based software, which makes voice phishing calls to senior executives.
Today, there are already programs that, after listening 20 minutes to a particular voice, speak in the voice everything that the user types. According to the INCD, for an organization that falls prey to such fraud, economic damage may be high.
Though INCD is publicizing the phishing method, there’s not a whole lot they have to say about stopping it. After all, this is the sort of attack that targets the weakest link in a cybersecurity system; the human.
In its announcement, the INCD also issued suggestions for taking precautions and raising awareness among organizations — such as training employees, paying attention to deviations in organizational processes, verifying instructions and using technological means to prevent misuse of email.