LastPass Revealed As Latest Victim Of Deepfake Scam

Understanding Deepfake Technology

In recent years, the cyber threat intelligence community has warned about the alarming rise of 'deepfake' technology. This technology allows for the creation of compelling fake audio and video. Fraudsters exploit it to target companies and individuals, posing a significant cybersecurity threat.

"Deepfakes" use AI to take existing sound and video clips to create a new recording that shows someone saying or doing anything the deepfake tool is programmed to mimic.

Common types of deepfakes include:

  • Deepfake video: A type of synthetic media where a person in an existing video is replaced with someone else's likeness, using artificial intelligence and machine learning techniques.
  • Real-time or live deepfakes: The generation of deepfake videos or audio in real time, meaning they are created and streamed almost instantaneously as the interaction occurs. This technology enables the manipulation of video and audio feeds so effectively that it can alter a person's appearance or voice during live broadcasts, video calls, or any form of live digital communication.
  • Deepfake audio: A synthetic form of audio content created using artificial intelligence and machine learning techniques to manipulate or generate human-like speech.
  • Textual deepfakes: Content generated by artificial intelligence or machine learning models that mimic human writing styles. These can be articles, social media posts, emails, or any other form of text that appears to be written by a human but is created by an AI.
  • Deepfakes on social media: The use of advanced artificial intelligence and machine learning techniques to create and share videos, images, or audio clips that convincingly depict people saying or doing things they did not say or do.

Unraveling The Scam

LastPass, the password manager application, has issued a warning that one of its employees fell victim to a social engineering attack involving an audio deepfake, which imitated the voice of the company's CEO.

LastPass' senior principal intelligence analyst, Mike Kosak, had this to say about the incident in a recent blog post:

"In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp."

Mike goes on to explain, "As the attempted communication was outside of normal business communication channels and due to the employee's suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team."

A Narrow Escape From Deepfake Fraud

Mike explained that there was no impact on LastPass as a company, and this was a fortunate close call.

He emphasised the need to raise awareness about the growing threat of deepfakes, which are increasingly linked to identity theft and can have severe consequences for both individuals and businesses.

LastPass reported this incident to point out that deepfakes aren't just for high-level espionage anymore; they're also being used in common scams that impersonate company executives.

Mike emphasised the importance of verifying suspicious contacts who say they're affiliated with your company by using the official communication channels.

Silver Lining's Guide to Avoiding Phishing Scams

Cybercriminals constantly seek new opportunities to exploit vulnerabilities, making it crucial for businesses to update their defences continuously. Securing email is essential, as it remains the primary way cybercriminals gain access to a company. Additionally, deepfakes are often combined with business email compromise tactics.

Silver Lining empowers your workforce to make informed security decisions daily. By taking advantage of our services, such as our Phishing Simulation, we can help you protect your business and your employees.

Our simulation features our expert team creating a customised phishing email designed specifically for your company. The email contains a strategically placed link that tempts your employees to click, leading them to a fake landing page closely monitored by our advanced tracking system.

Should any employees fall for this simulated phishing attack, you will be notified immediately, allowing you to educate them and prevent future breaches.

Identified employees will receive personalised training from our solution system to fill any knowledge gaps, protecting them against future threats and safeguarding sensitive data from leaks.

© Silver Lining Convergence Ltd
Registered Company Number: 06212357