In a warning, an Israeli cyber body has unearthed a new type of attack where hackers are using Artificial Intelligence (AI) technology to impersonate senior company executives.
The main innovation is the attacking software, which learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the Chief Executive Officer (CEO).
The most common types are phishing messages and an invoicing fraud in which the attacker impersonates the vendor, submits an invoice to the company and tries to motivate an employee under time pressure to make a bank transfer, provide information or allow access to the company’s network, informed the Israel National Cyber Directorate (INCD).
In this method, instructions are given to the companies staff members to perform transactions such as money transfers, as well as malicious activity on the company’s network. Reports on cyber attacks of this kind were received at the operations center of the INCD, reports Xinhua.
The new offensive is of the business email compromise (BEC) type – frauds by email against commercial and government organizations to motivate employees using social engineering methods to act for the attacker’s benefit.
The method of attack escalates and includes the use of the AI-based software, which makes voice phishing calls to senior executives. Today, there are already programs that, after listening 20 minutes to a particular voice, speak in the voice everything that the user types.
According to the INCD, for an organization that falls prey to such fraud, economic damage may be high.
In its announcement, the INCD also issued suggestions for taking precautions and raising awareness among organizations — such as training employees, paying attention to deviations in organizational processes, verifying instructions and using technological means to prevent misuse of email.