Home Lead Story Can Mimicking...

Can Mimicking be Dangerous? Hackers Using Artificial Intelligence to Impersonate CEOs’ Voices

Today, there are already programmes that, after listening 20 minutes to a particular voice, speak in the voice everything that the user types

0
hacking group
Over the last 12 months, Microsoft has delivered nearly 1,400 nation-state notifications to those who have been targeted or compromised by STRONTIUM. Pixabay

In a warning, an Israeli cyber body has unearthed a new type of attack where hackers are using Artificial Intelligence (AI) technology to impersonate senior company executives. The main innovation is the attacking software, which learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the Chief Executive Officer (CEO).

The most common types are phishing messages and an invoicing fraud in which the attacker impersonates the vendor, submits an invoice to the company and tries to motivate an employee under time pressure to make a bank transfer, provide information or allow access to the company’s network, informed the Israel National Cyber Directorate (INCD).

In this method, instructions are given to the companies staff members to perform transactions such as money transfers, as well as malicious activity on the company’s network. Reports on cyber attacks of this kind were received at the operations centre of the INCD, reports Xinhua.

hackers, AI
In this method, instructions are given to the companies staff members to perform transactions such as money transfers, as well as malicious activity on the company’s network. Pixabay

The new offensive is of the business email compromise (BEC) type — frauds by email against commercial and government organizations to motivate employees using social engineering methods to act for the attacker’s benefit.

ALSO READ: FDA Warns Patients about Cybersecurity Concerns with Certain Medtronic Insulin Pumps

The method of attack escalates and includes the use of the AI-based software, which makes voice phishing calls to senior executives. Today, there are already programmes that, after listening 20 minutes to a particular voice, speak in the voice everything that the user types. According to the INCD, for an organization that falls prey to such fraud, economic damage may be high.

In its announcement, the INCD also issued suggestions for taking precautions and raising awareness among organizations — such as training employees, paying attention to deviations in organizational processes, verifying instructions and using technological means to prevent misuse of email. (IANS)

Next Story

Microsoft Lays Off News Production Workers; Replace Them With AI

A report suggests that Microsoft has cut off its editorial staff and replaced them with AI

0
Microsoft
Microsoft cuts off staff and replaces them with artificial intelligence. Pxabay

Microsoft is reportedly laying off at least 50 news production workers and replacing them with artificial intelligence (AI)-based algorithms to perform their editorial duties.

According to a report in the Seattle Times on Saturday, the roughly 50 employees contracted through staffing agencies Aquent, IFG and MAQ Consulting have been notified “that their services would no longer be needed beyond June 30”.

These news production contractors work with Microsoft News, the company’s news content arm that operates MSN.com and other properties.

A Microsoft spokesperson said in a statement that like all companies, they evaluate business on a regular basis.

“This can result in increased investment in some places and, from time to time, redeployment in others. These decisions are not the result of the current pandemic,” said the Microsoft spokesperson.

artificial-intelligence microsoft
All the work, duty and tasks of the workers will be performed by AI. Pixabay

Also Read: The Future Of India will Be Based on ‘Aatmanirbhar Bharat’

Some employees told Seattle Times that “MSN will use AI to replace the production work they’d been doing”.

The work includes using algorithms to identify trending news stories from dozens of publishing partners, rewrite headlines or adding better photographs or slide shows.

Besides the production work, the contract employees also planned content, maintained the editorial calendars of partner news websites and assigned content to them. (IANS)

Next Story

This Hacker Group is Selling User Data From 10 Firms For INR 13.6 Lakh Approx

The same hacker group was also behind selling a database of 22 million user records form online learning platform Unacademy on the Dark Web

0
Hackers
The hacker group is known as ShinyHunters, the same group behind breaching private repositories on Microsoft-owned GitHub (the hacker is believed to have acquired around 1,200 private repositories) and Tokopedia. Pixabay

A hacker group is selling data of 10 companies including online dating app Zoosk, US newspaper Star Tribune and food delivery service Chef that contains over 73 million user records over the Dark Web for $18,000 (nearly Rs 13.6 lakh).

Other companies are printing service Chatbooks, South Korean fashion platform SocialShare, online marketplace Minted, online newspaper Chronicle of Higher Education, South Korean furniture magazine GGuMim, health magazine Mindful and Indonesia online store Bhinneka, reports ZDNet. The listed databases have 73.2 million user records, with each database sold separately.

Please Follow NewsGram on Facebook To Get Latest Updates From Around The World!

The hacker group is known as ShinyHunters, the same group behind breaching private repositories on Microsoft-owned GitHub (the hacker is believed to have acquired around 1,200 private repositories) and Tokopedia, Indonesia’s largest online store where a database of over 90 million user records was sold. A Microsoft spokesperson was quoted as saying that the company is investigating the incident.

The same hacker group was also behind selling a database of 22 million user records form online learning platform Unacademy on the Dark Web. Bengaluru-based edtech firm Unacademy said the all the sensitive data of its users was safe and the company was addressing the security issue.

Hackers
A hacker group is selling data of 10 companies including online dating app Zoosk, US newspaper Star Tribune and food delivery service Chef that contains over 73 million user records over the Dark Web for $18,000 (nearly Rs 13.6 lakh). Pixabay

“We would like to assure our users that no sensitive information such as financial data or location has been breached,” said Hemesh Singh, Co- Founder and CTO, Unacademy. Encouraged by the profits from the Tokopedia sale, the same group has now listed the databases of 10 more companies.

“Some believe the ShinyHunters group has ties to Gnosticplayers, a hacker group that was active last year that sold more than one billion user credentials on dark web marketplaces, as it operates on a nearly identical pattern,” according to the report.

ALSO READ: 14-Day Home Quarantine Compulsory for Keralites Returning From Other States: Kerala CM

BleepingComputer reported that cyber intelligence firm ZeroFox informed them that Shiny Hunters had begun selling databases for the meal kit delivery service HomeChef, photo print service ChatBooks, and Chronicle.com, a news source for higher education. (IANS)

Next Story

Now, Hackers Targetting People With Links To Fake Zoom HR, Payroll Discussion Video Meetings

Scammers have turned to employment worries as their latest lure for Zoom phishing scams

0
Hackers
Scammers have turned to employment worries as their latest lure for Zoom phishing scams. Pixabay

Cybersecurity researchers at UK-based Sophos on Tuesday revealed hackers are now targeting people across the world with sending emailed with links to fake Zoom HR and payroll discussion video meetings to steal your personal and other credentials.

Scammers have turned to employment worries as their latest lure for Zoom phishing scams and researchers from the ‘Naked Security’ team at SophosLabs witnessed several examples of such phishing emails, with subject line saying “You are invited to join the q2 meeting”.

“This is a reminder that your scheduled Zoom meeting with Human Resources and Payroll Administrative Head will start in few minutes. Your presence is crucial to this meeting and equally required to commence this Q1 perfomance review meeting. Join this Live Meeting,” says one such bogus Zoom message. “The subject lines, message layout and meeting descriptions vary slightly, but the basic idea is the same,” revealed the cybersecurity team. There is the link in the Zoom message and once you click it, you will be directed to a portal with a login window that looks similar to video meet app Zoom.

Please Follow NewsGram on Instagram To Get Latest Updates From Around The World!

“The phishers probably don’t care what password you enter as long as it’s a valid one they can use on one of your accounts, but you’ll notice they’ve put the suggestion text Email Address Password into the password field instead of just Password as you see on Zoom’s page,” explained Sophos.

“Remember that access to your email account is likely to be worth a lot more to the crooks than your Zoom account would be, for the important reason that your email account is probably the way you go about doing password resets for many of your other accounts”.

Zoom
Cybersecurity researchers at UK-based Sophos on Tuesday revealed hackers are now targeting people across the world with sending emailed with links to fake Zoom HR and payroll discussion video meetings to steal your personal and other credentials. Pixabay

Whatever you enter as password on the fake site, you will end up redirected to a genuine and vaguely relevant Zoom help page, as though something went wrong and you should simply try again. “In this way, the crooks don’t need to simulate a successful login or to pretend that your login failed – they just leave you in one of those ‘I wonder what happened there’ moments where your inclination is simply to go back and start over,” said the researchers.

By the time you see the genuine Zoom help page, the email address and the password you entered have already been posted to the crooks instead of sent to Zoom. “If someone else is inviting you to a meeting, you shouldn’t need to login to Zoom first, given that they’re hosting. Don’t login after clicking links in emails,” advised the team.

ALSO READ: Tips to Find the Right Balance Between Work From and At Home

Zoom was yet to comment on the report. Enable two-factor authentication if you can. Zoom supports 2FA, based on one-time codes generated by an app on your phone, and most email services do, too.

“If you were phished, change your password at once. Even if you fall for a phish at first, many phishes are obvious after you put in your password because you don’t end up where you should and the deception stands out,” said the Sophos team. (IANS)