Tag: Deepfakes

AI to supercharge Deepfakes, Ransomware and Phishing Attacks.

Every 39 seconds a cyberattack is happening somewhere in the world. And, while cybercrime involving large organisations, like the HSE or Sony, makes headlines; in reality, small and medium businesses are three-times more likely to be victims of attack, due to weak defences.

Current cyber threats facing businesses in Ireland, and what can be done to manage them, is the subject of the annual Irish Reporting and Information Security Service cybercrime conference, in Dublin in November.

IRISSCON 2024 takes place on November 6th next, at The Aviva Stadium in Dublin, featuring expert speakers and delegates from all over the world, as well as the popular Cybersecurity Challenge, testing the skills of would-be hackers to break the system!

Jake Moore, global cybersecurity advisor for security software company, ESET, is a keynote speaker. With a 14-year background in the UK police force, in digital forensics and cybercrime, Moore now helps businesses bolster their cybersecurity, blending real-world crime insights and social engineering techniques, with advanced digital security strategy, to combat ever-evolving cyber threats.

Attackers have been known to spend over 200 days in an organisation’s network, unnoticed, before launching any sort of attack, he says.

“Once a hacker has breached an organisation’s network through unprotected endpoints, like a mobile phone, laptop or IoT device, it takes around one minute, 84 seconds on average, to move laterally and get deeper into the network.

“That is not a lot of time for any network security to react, and, once the harm is done, it takes 73 days, on average, to contain the breach. So, the objective is to prevent the network access in the first place.”

Ransomware and phishing attacks remain top threats, according to the ESET software developers. Cybercriminals use AI algorithms to analyse vast amounts of their target segments’ data. They look at social media profiles, online behaviour, recent purchases and other publicly available information to create very personalised phishing and social engineering attacks.
Your Voice is my Password

With Artificial Intelligence affecting every single industry, AI obviously benefits cybercriminals too, Jake Moore says.

“From text and image creation tools, to audio and video generation, the newest wave of cyberattacks is AI supercharged. New defences are needed to protect companies from this next generation of attacks.”

The ESET expert’s work with clients begins with some very telling practical examples of their vulnerabilities. Jake Moore has hacked businesses using AI voice cloning technology, stealing money, completely unnoticed, in minutes.

He has also, in the guise of work, hacked a police station. Having socially engineered his way into the police station, he was able to steal a laptop, break the encryption, hack into the entire network, and change the password of the Head of Professional Standards, without being caught.

Moore also engineered a targeted phishing attack, via LinkedIn, on the CEO of a company, illustrating how easy it is to manipulate people into handing over their account credentials, and data, using hacking tools widely available on the internet, (if you know where to look).

Simple social engineering techniques, like psychological manipulation, tricks users into making security mistakes, or giving away sensitive information, so the criminal can take over their email account, website, or even their life, the cybersecurity pro says.

Conference updates and bookings are available on the IRISSCON website: https://iriss.ie/irisscon/#about

Deepfakes and Hacktivism Take Centre Stage at Cyber Leader Summit in Belfast

Deepfakes have jumped from the pages of science fiction to become a legitimate business risk that could influence polls in the upcoming UK election . That was one of the messages from Deryck Mitchelson, Global CISO at Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading AI-powered, cloud-delivered cyber security platform provider, when he spoke at the Cyber Leader Summit held in Belfast at the Titantic Belfast on the 14th of February. As these sophisticated manipulations proliferate, the integrity of democratic processes faces unprecedented challenges, highlighting the urgent need for robust defences against AI-driven disinformation campaigns.

The one-day event brought together over 110 delegates and experts from Check Point, Microsoft, GitHub and Women in Cyber Security, among others, to explore the biggest cyber threats facing organisations today. It is the first time the event has been held in Belfast, which is fast becoming a hub for major players in the technology space.

During his presentation, Deryck explored the topic of Artificial Intelligence (AI) in relation to cybercrime and its influence on attack methods. He discussed how it has evolved to become a serious instrument in a cybercriminal’s arsenal when executing phishing, ransomware or hacktivism campaigns. “AI is not a new notion; we have been using it as the brain behind our threat intelligence for many years, “said Deryck. “However, the technology has changed so rapidly over the last twelve months and new versions such as Generative AI (GenAI) have made it more attainable for cybercriminals. While these skills were once reserved for technically minded hackers, anyone with access to the internet and free online tools can now generate alarmingly realistic phishing emails with a few good prompts.”

Deryck went on to share examples of how deepfakes, including voice clones, have had an impact on businesses and could potentially influence major events such as the general elections later this year. There have been several incidents recently, including a worker in Hong Kong who paid out £20 million to a fraudster impersonating a CFO during a conference call. However, he was also clear that defenders are using AI to fight fire with fire. He added: “Deepfakes used to be the work of science fiction, but they are now a legitimate risk for businesses and their bank balances. They could also be used to influence public opinion during the upcoming elections.

“It is important that we don’t underestimate the potential impact this technology could have on organisations of all sizes. The good news is that companies like Check Point are leveraging the power of AI and Deep Learning to predict and prevent attacks from happening.”

In the morning, delegates also heard from other industry experts such as Lotem Finkelstein, Director of Threat Intelligence at Check Point. He provided insights into the world of hybrid cyberwarfare, demystifying the role of cybercrime during time of conflict. Other sessions included talks from Lesley Kipling, Chief Advisor at Microsoft on the importance of zero trust and Martin Woodward, VP of Developer Relations at GitHub regarding vulnerability fixes in open source.

The afternoon featured more presentations with Jennifer Cox, Director at Women in Cyber Security advocating for diversity in the industry, before the day finished on a panel discussion where experts covered a range of topics, including bringing new talent into the industry. This was a sentiment shared by Seamus McCorry, Check Point’s country manager, in his closing remarks. He was keen to emphasise the potential for Northern Ireland to become a cybersecurity powerhouse.

Seamus said: “We have a great pool of talent coming through our universities and it is important that we engage and encourage this new generation to live and work in this vibrant city. The cybersecurity industry is a thriving business, and together we can build a resilient future.”