
Social engineering is advancing rapidly, at the speed of generative AI. It offers bad actors multiple new tools and techniques for research, scoping and exploitation. In recent communications, the FBI noted:
In this article, we explore some of the effects of this GenAI-fueled acceleration, and look at what it means for IT leaders who are responsible for managing defenses and mitigating vulnerabilities.
More realism, better portrayal, multilingual attack scenarios
Traditional social engineering methods usually involve impersonating someone the target knows. The attacker may hide behind email to communicate, adding psychological triggers to increase the likelihood of a successful breach. They may ask for urgent action, so the target is less likely to pause and question it. Or they may make the email appear to come from the employee's CEO, hoping that the employee's respect for authority means they will not question the message.
If using voice, the attacker may instead pretend to be someone the target has not spoken to (and whose voice they would therefore not recognize). They may pretend to be from another department or an external partner.
Of course, these methods often fall apart when the target wants to verify the person's identity in some way, whether by checking their appearance or seeing how they write in a real-time chat.
But now that GenAI has joined the conversation, things have changed.
The rise of deepfake video means that adversaries no longer need to hide behind the keyboard. Deepfakes draw on genuine recordings to analyze and recreate a person's mannerisms and speech. Then it is simply a matter of telling the deepfake what to say, or using it as a digital mask that reproduces what the attacker says in front of the camera.
The rise of digital-first work, with remote workers used to virtual meetings, means it is easier to explain away possible warning signs. Unnatural movements, or a voice that sounds slightly different? Blame it on a bad connection. By appearing face to face, the attacker adds a layer of credibility that plays to our natural instinct that seeing is believing.
Voice cloning technology means that attackers can speak in any voice and carry out voice phishing attacks, also known as vishing. The growing capability of this technology is reflected in OpenAI's recommendation for banks to "phase out voice-based authentication as a security measure for access to bank accounts and other sensitive information."
Text-based communication is also transformed by GenAI. With the rise of LLMs, malicious actors can operate at a near-native speaker level, and outputs can be trained on local dialects for even greater fluency. This opens the door to new markets for social engineering attacks, with language no longer a blocker when selecting targets.
Bringing order to unstructured OSINT using GenAI
If someone has ever been online, they have left a digital footprint somewhere. Depending on what they share, this can sometimes be enough to impersonate them or reveal enough information to compromise their identity. They may share their birthday on Facebook, post their place of employment on LinkedIn, and post photos of their home, family and life on Instagram.
These actions provide a way to build a profile for use in social engineering attacks against the individuals and organizations they are connected to. In the past, collecting all this information was a long, manual process: searching each social media channel and trying to join the dots between people's posts and public information.
Now AI can do all of this at hyperspeed, scouring the internet for unstructured data to retrieve, organize and classify all possible matches. This includes facial recognition systems, where someone's photo can be uploaded and a search engine finds all the places it appears online.
Furthermore, because the information is publicly available, it can be accessed and aggregated anonymously. Even for paid GenAI tools, stolen accounts are sold on the dark web, giving attackers another way to hide their activity, usage and queries.
Turn your data into a treasure trove
Large-scale data leaks are a fact of modern digital life, from more than 533 million Facebook users whose details (including birthdays, phone numbers and locations) were breached in 2021, to more than 3 billion Yahoo users whose sensitive information was exposed in 2024. Manually sifting through data troves of this volume is not practical or possible.
Instead, people can leverage GenAI tools to autonomously sort through large amounts of content. These can find data that can be used maliciously, such as for extortion, weaponizing private discussions, or stealing intellectual property hidden in documents.
The AI can also map the creators of documents (using a form of named entity recognition) to establish incriminating connections between different parties, including wire transfers and confidential discussions.
Many tools are open source and can be customized by users with plugins and modules. For example, Recon-ng can be configured for use cases such as email harvesting or OSINT collection. Other tools, such as Red Reaper, are not for public use. Red Reaper is a form of espionage AI that can sift through hundreds of thousands of emails to detect sensitive information that can be used against an organization.
The GenAI genie is out of the bottle – is your business exposed?
Attackers can now use the internet as a database. They just need a piece of data as a starting point, such as a name, email address or image. GenAI can then get to work, running real-time queries to uncover and process connections and relationships.
Then it is a matter of choosing the appropriate tool for the exploit, often at scale and running autonomously, whether that is deepfake video and voice cloning or LLM-based, conversation-driven attacks. These would once have been limited to a select group of specialists with the necessary knowledge. Today, the landscape is democratized by the rise of "hacking as a service", which does much of the work for cybercriminals.
So how can you find out what potentially compromising information about your organization is out there?
We have built a threat monitoring tool that tells you. It crawls every corner of the internet, letting you know what data is out there and could be exploited to build pretexts for an effective attack, so you can take action before an attacker gets to it first.