Israel warns of AI cyber-attacks by voice impersonating of senior executives
JERUSALEM, July 9 — The Israel National Cyber Directorate (INCD) issued a warning on Tuesday of a new type of cyber-attack, using artificial intelligence (AI) technology to impersonate senior company executives.
In this method instructions are given to companies’ employees to perform transactions such as money transfers, as well as malicious activity on the company’s network.
Recently, reports on cyber-attacks of this kind were received at the operational center of the INCD.
The new offensive is of BEC (business email compromise) type – frauds by email against commercial and government organizations to motivate employees using social engineering methods to act for the attacker’s benefit.
The most common types are phishing messages, and an invoice fraud in which the attacker impersonates the vendor, submits an invoice to the company, and tries to motivate an employee under time pressure to make a bank transfer, provide information, or allow access to the company’s network.
Now, the method of attack escalates, and includes the use of the AI-based software, which makes voice phishing calls to senior executives.
The main innovation is the attacking software, which learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the CEO.
Today there are already programs that, after listening 20 minutes to a particular voice, are able to speak in the same voice whatever the user types.
According to the INCD, for an organization that falls prey to such fraud, economic damage may be high.
In its announcement, the INCD also issued suggestions for taking precautions and raising awareness among organizations – such as training employees, paying attention to deviations in organizational processes, verifying instructions and using technological means to prevent misuse of email. – XINHUA