A new variant of cyberattack has left hundreds of ethical hacking experts speechless. According to a report by an international media, a hacker group has used artificial intelligence-powered software to clone the voice of the executive director of an energy company to transfer more than €240k.
“The CEO of the company received a seemingly usual call; at the other end of the phone line, hackers mimicked the executive director’s voice, asking the CEO to make a payment to a provider in Europe,” the report reads. Although the CEO was not mentioned the name of the alleged supplier company, based in Hungary, the call was convincing enough to mislead the CEO and get the transaction to take place. “The CEO says he noticed his boss’s delicate German accent during the call, so he didn’t hesitate to perform the requested operation,” the specialists say.
The attack was good enough to replicate the voice of the company’s executive, a man of German origin. According to ethical hacking specialists, it had previously considered using artificial intelligence in the deployment of cyberattacks, so this could only be the beginning of a wave of malicious operations using this kind of software.
“This could be a massive challenge for thousands of companies around the world, as cyberattack methods are advancing rapidly and, in many cases, companies have very limited security tools or, at worst, do not have any cybersecurity measures at all,” the experts say.
Philipp Amann, director of Europol’s European Cybercrime Centre, mentions that the authorities do not have sufficient reports to determine whether this is the first cybercrime perpetrated by artificial intelligence. In addition, the researcher emphasizes on the little optimistic scenario that might arise in the future: “If hackers succeed, the frequency with which these crimes are presented will increase,” says Amann.
On the other hand, ethical hacking specialists from the International Institute of Cyber Security (IICS) agree that such attacks will be seen more often in the future, consolidating as the evolution of phishing attacks, bringing the actors of threats activities of broad destructive power in a company or government agency.