The Israel National Cyber Directorate (INCD) has issued a warning of a new type of cyber attack, using artificial intelligence (AI) technology to impersonate senior company executives. In this method, instructions are given to the companies staff members to perform transactions such as money transfers, as well as malicious activity on the company’s network.
Recently, reports on cyber attacks of this kind were received at the operations centre of the INCD, Xinhua news agency reported.
The new offensive is of the business email compromise (BEC) type — frauds by email against commercial and government organizations to motivate employees using social engineering methods to act for the attacker”s benefit.
The most common types are phishing messages and an invoicing fraud in which the attacker impersonates the vendor, submits an invoice to the company and tries to motivate an employee under time pressure to make a bank transfer, provide information or allow access to the company”s network.
The method of attack escalates and includes the use of the AI-based software, which makes voice phishing calls to senior executives. The main innovation is the attacking software, which learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the Chief Executive Officer (CEO).
Today, there are already programs that, after listening 20 minutes to a particular voice, speak in the voice everything that the user types. According to the INCD, for an organization that falls prey to such fraud, economic damage may be high.
In its announcement, the INCD also issued suggestions for taking precautions and raising awareness among organizations — such as training employees, paying attention to deviations in organizational processes, verifying instructions and using technological means to prevent misuse of email.