t cht lk
t cht lk
Vasily Dyagilev, Regional Director, Middle East, RCIS at Check Point Software Technologies
• Hong Kong( January 2024) where a multinational firm suffered a US $ 25 million loss due to a deepfake video scam. Attackers used AI-generated deepfake videos to impersonate the company ' s CFO and other employees during a video conference call, exploiting group dynamics to dispel a finance worker ' s doubts.
• UK( May 2024) where in an unsuccessful but alarming attempt, attackers used a fake WhatsApp account, AI-generated voice cloning and manipulated YouTube footage. They impersonated a CEO during a Microsoft Teams meeting, aiming to trick an agency leader into setting up a new business entity to solicit funds and personal details.
AI analysis boosting reconnaissance corporate correspondence, targeting financial staff with urgent money transfer requests. These emails were error-free and contextually accurate, bypassing traditional filters and highlighting the effectiveness of AI-enhanced BEC attacks.
Deepfakes are becoming the ultimate impersonation
Beyond sophisticated emails, deepfakes have added an entirely new dimension to phishing. These synthetic media, created using deep learning, can fabricate realistic images, audio or video to impersonate individuals, fake voice messages or simulate video calls. What was once limited to highly skilled individuals is now easily accessible, with Deloitte reporting that 25.9 % of executives have experienced one or more deepfake incidents.
Consider these‘ in the wild’ examples:
• UAE( 2020) where a bank manager lost approximately US $ 35 million after falling victim to an AI-driven phishing attack. Threat actors used deepfake voice technology to impersonate a company director, whose voice was cloned from publicly available audio samples. Spoofed emails from the‘ director’ and a‘ lawyer’ lent further legitimacy.
AI ' s role in phishing isn ' t limited to content generation
and deepfakes. AI-powered data analysis allows attackers to harvest and analyse vast datasets from social media, public records and breached databases at unprecedented speeds. This facilitates highly targeted spear-phishing campaigns tailored to specific individuals or organisations.
AI can predict victim behaviours and optimise attack timing. For instance, AI can analyse communication patterns within an organisation to determine the ideal moment to deploy a phishing email mimicking a CEO’ s tone and style, significantly increasing success rates.
As AI models become more powerful, threat actors are effectively receiving the same upgrades for highly targeted reconnaissance. Advanced features in models like Grok 3 and ChatGPT 4.0 allow for rapid analysis of public information. This means AI can forecast highvalue opportunities, crafting campaigns that exploit trends before organisations can implement defences.
We ' re witnessing a significant shift, where Artificial Intelligence( AI) is not just a tool for defence but also a potent weapon. Our latest ebook, AI & Speed in Cyber, delves into this critical shift, highlighting how AI is impacting brand protection, malware infections and the relentless surge of phishing attacks. p
www. intelligentcio. com INTELLIGENTCIO MIDDLE EAST 49