Cyber Security Weekly Podcast

Cyber Security Weekly Podcast


Episode 427 - Phishing, Voice Clones, Deepfakes

December 05, 2024

Jane Lo, MySecurity Media Singapore Correspondent sat down with Syed Ubaid Ali Jafri, Head of Cyber Defense and Offensive Security at Habib Bank Limited (HBL), at Tech Week Singapore, to get his insights on the sophistication of these threats. We delved into:

Motivations for Attacks on Financial Institutions:

  • Financial gain and data exploitation are prime motivations behind phishing and cyber attacks targeting banks. Attackers seek customer data, card details, and account balances, which they can use to extort or sell for profit.
  • Financial institutions are particularly vulnerable due to their reputational concerns, leading some to pay ransoms to protect customer privacy.

Increasing Accessibility of Cybercrime Tools:

  • Advanced phishing tools, previously available only on the dark web, are now accessible on the surface web, enabling even less-skilled cybercriminals to launch attacks.
  • With the rise of AI, non-experts can craft convincing phishing emails, bypassing traditional spam filters and reaching unsuspecting targets.

Role of AI in Sophisticated Cyber Attacks:

  • Gen AI and voice cloning technology make phishing more personalized and convincing, allowing attackers to craft emails and messages that mimic the target’s language and communication style.
  • The evolution from simple phishing to sophisticated voice and deepfake attacks was also highlighted, showing how AI can now be used to clone voices and create realistic fake videos with as few as 15 images.

Challenges in Detecting AI-Driven Phishing and Deepfake Attacks:

  • Deepfake technology makes it challenging for the average user to distinguish between real and fake communications. Convincing voice and video deepfakes are increasingly used in spear-phishing, targeting specific individuals with tailored scams.
  • AI-powered tools generate flawless text, removing traditional phishing indicators like spelling errors or urgency cues, which previously helped users identify phishing emails.

Recommendations for Protection:

  • Users are advised to be cautious about what they share online, as personal information posted publicly can help cybercriminals tailor their attacks.
  • Security tools like deepfake detection software can help individuals identify fake voices or videos, though awareness and cautious online behavior remain critical.
  • Cybersecurity education is essential, with both vendors and users needing awareness of AI-driven threats to implement better protective measures

Recorded 10th Oct 2024, Tech Week Singapore 2024, 12.40pm.

#mysecuritytv