16 Feb Security Breach – 16 Feb 2024
In today’s digital age, where technology continues to evolve at a rapid pace, cybersecurity threats like phishing have become increasingly sophisticated. While traditional phishing emails often relied on fraudulent links or deceptive language, a new and more sinister trend has emerged: the use of deepfakes. A deepfake is a false piece of media, typically audio or video, in which bad actors manipulate or replace content to serve their purposes by making it appear as though it is authentic and created by the depicted individual. The advent of artificial intelligence (AI), especially generative AI, has helped cybercriminals create highly believable, sophisticated deepfakes that can fool even savvy victims.
Deepfakes can be distributed over email, messaging, phone calls, even video. One of the most dangerous gambits in deepfake email phishing is employing deepfakes to conduct successful business email compromise (BEC) attacks. A recent example of this is the disaster that recently befell a company in Hong Kong. The company recently lost $25 million to deepfake phishing after a worker in the finance department was taken in by a deepfake phishing scam. The attack started with email phishing, then evolved into an astonishing tale of deepfake phishing using a video call.
Deepfake use in cybercrime like BEC is a fairly new development that has only really become a major concern in the past few years. However, it is ramping up quickly. In fact, there were ten times more cybercrimes like identity theft fuelled by deepfakes in 2023 than in the previous year. Deepfake-fuelled attacks grew the most in North America and in the Asia-Pacific region in 2023, but there were major increases around the world.
Recent Breaches
South Korea – Hyundai – Carmaker
Exploit: Ransomware
Risk to Business: Severe: The Black Basta ransomware group claims that it has stolen 3TB of data from Hyundai Motor Europe. The carmaker confirmed that it is investigating a cybersecurity incident in which an unauthorised third party accessed a limited part of its network. As proof of the supposed hack, the group shared images of folders related to various departments at the company, including legal, sales, human resources, accounting, IT and management. No extortion demand was made public, and the incident remains under investigation.
United States – Bank of America – Bank
Exploit: Supply Chain
Risk to Business: Severe: Bank of America is informing customers that their personal information may have been exposed in a data breach. The breach occurred when one of its service providers, Infosys McCamish Systems (IMS), was hacked on November 3, 2023. The bank said that some customers’ personally identifiable information (PII) was exposed in the security breach including names, addresses, social security numbers, dates of birth and financial information, including account and credit card numbers. Bank of America said in a filing that 57,028 people were directly impacted.
Talk to a TCT team member today about implementing cyber security plan for your business.
Robert Brown
16/02/2024
Related Articles:
Cost Impact of a Data Breach for your business
Monetary Benefits of Cybersecurity Measures