AI Deepfake is an imminent and impending danger.

This week we saw a very sophisticated attack using deepfake video. In summary, a Hong Kong financial company was targeted and an employee was socially engineered into diverting $25 million in funds. The employee joined a call with a deepfake video of the CFO and was tricked into transferring money. I believe there may be more to this story as the details unfold…

This is extremely dangerous for a few reasons, and it points to an imminent threat from AI deepfakes, though not for the obvious reasons.

What this attack taught bad actors is that social engineering and AI deepfakes are a viable method of extorting funds. This is incredibly dangerous.

As security tools have improved on the desktop, we have actually gotten better at stopping ransomware. Even though there was a rise in ransomware attacks last year, the security tooling available is improving as a whole: endpoint detection, security keys (passwordless) and now companies that can decrypt ransomware. As adoption of these technologies grows in the marketplace, our arsenal against ransomware gets stronger. Over the next year it will become increasingly hard for bad actors to deploy consistently effective ransomware attacks.

What the attack in Hong Kong taught us (and the bad guys) is that these types of attacks are a very viable alternative to ransomware for gaining funds. That’s the danger.

While this attack was complex, it is far easier for the bad guys to deepfake and social engineer than to execute a ransomware attack. The scary part is that an attacker doesn’t have to worry about getting stopped by security tools like EDR, security keys and decryption. All of those tools are essentially rendered useless by social engineering and this type of attack.

So, attackers now know they have a good method of getting paid without the risk of getting blocked or caught. Scoring a $25 million payday is pretty lucrative for bad guys, especially considering that ransomware payments are not guaranteed.

This leaves your employees as the first and last line of defense for these types of attacks.

We will likely see an explosion of attacks similar to what we saw in Hong Kong very quickly because of this success. Put yourself in the shoes of a bad guy: an easier approach to gaining funds, less risk of getting caught, and a way to evade security tools. Bad guys are opportunistic, and this attack taught everyone there is a lot of opportunity in deepfakes and social engineering.

This is an imminent threat.
