- Business AI Cyber Attacks Explained:
- Understanding what AI Voice Scamming is, and how it affects you:
- Get in contact for your Business IT Support
- TimelineAI Voice Phishing
- Why Cybersecurity is overlooked by businesses:
- Latest Threats from AI use in Company Cyber Crime:
- A final word on AI Cyber Attacks
- References
Business AI Cyber Attacks Explained:
While Artificial Intelligence accelerates innovation across multiple sectors in business and for personal use, it also poses some significant risks. Especially as it relates to becoming a tool for exploitation by cyber criminals. Here is what you need to know about AI Cyber Attacks.
Understanding what AI Voice Scamming is, and how it affects you:
To better understand what AI Voice Scamming is, first it is crucial to understand what is meant by ‘AI Voice’. An Artificial Intelligence Voice is essentially an audio output intended to replicate someone’s voice, to speak the words the user has inputted. An example of this would be where someone has created an AI Voice to match one of their favourite celebrities, getting them to speak the words the creator has inputted into a text box. The video below gives a good example of this.
Get in contact for your Business IT Support
Timeline
AI Voice Phishing
1. Data Collection
Cyber criminals collect voice recordings from public phone calls, recordings or social media.
2. AI Voice Training
Cyber attackers use Al to study recordings and mimic them, allowing them to say whatever they want.
3. Script
Scammers prepare scripts that will sound convincing and legitimate to victims, making use of the Al Voice that was trained, typically of someone the victim knows and trusts.
4. Scam Execution
The Al Voice and Script is used to execute a phone call, to ask the victim to pass sensitive information.
5. Data theft
While the average person may see the fun side to this, there lies a problem. Cyber criminals may use these tools to manipulate employees into transferring funds, giving remote access to a server, or revealing sensitive information, for example.
A high-profile case of this occurred when British multinational company, WPP, was targeted with such an attack. The cyber attackers used this method of AI Voice to attempt to persuade an ‘agency leader’ into setting up a new business, wiring money and sending personal details. (The Guardian, 2024)
With regular reports of high profile organisations being victims of cyber fraud, now is the time to consider if you have done enough to mitiagte your risks. After the NHS was hacked there was an interesting comment from the NHS spokesman:
“This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.“
Why Cybersecurity is overlooked by businesses:
Despite the ever-growing reliance on cyber security in businesses, many companies are still neglecting the need for it. According to https://www.gov.uk/ ‘Half of businesses (50%) and around a third of charities (32%) report having experienced some form of cyber security breach or attack in the last 12 months. This is much higher for medium-sized businesses (70%), large businesses (74%) and high-income charities with £500,000 or more in annual income (66%).’ Given such a high statistic of attacks targeting businesses, one would think that cyber security would be made a priority. (gov.uk, 2024)
One of the main concerns, particularly with small to medium-sized businesses, as to why they would ignore cyber security, is due to the cost. They may worry about the cost of training and investing in the necessary cyber tools. However, they are ignoring the potential cost of recovering from a cyber-attack were it to occur, which would be far greater than that of implementing the security measure in the first place. It is important that businesses prepare for potential cyber-attacks. According to the latest data on www.gov.uk, these attacks can cost medium to large businesses on average £10,830, and this is for the much ‘simpler’ cyber-attacks. An example of an organisation that suffered from a cyber-attack due to poor cyber security is Hackney Council. In 2020, they suffered a ransomware attack that cost them £12 million to recover from. (Wired, 2023) Also, Capita, as of 2023, responded to a ransomware attack that is costing them around £20 million to resolve. (The Times UK, 2023)
Latest Threats from AI use in Company Cyber Crime:
AI Enhanced Phishing Emails/Messages:
This is a type of deceptive message that cyber attackers use to make it look like it came from a trusted source, such as a bank, or someone within the company you work for. The goal of this is to trick the receiver into giving away personal information, such as passwords or other sensitive information. Cyber attackers can leverage AI now to make these messages even more convincing, making it important for businesses to understand how to detect phishing.
AI Voice Phishing
As mentioned above, one of the newer methods of leveraging AI as a means of cyber-attack on a business is to use AI Voices. These can be used to create automated voice calls that can engage with victims over the phone, rather than just sticking to messaging or emailing. This type of AI is also so sophisticated that it can learn what someone’s voice is like and use that voice to further convince the victim that the ‘person’ they are talking to is genuine.
AI Enhanced Malware Development:
AI can be used by cyber attackers to create advanced malware that can be hidden from anti-viruses. This is due to AI enabling the code of the malware to change with each execution, making it so that anti-virus software will find struggle to detect it, if at all. This could lead to computer systems being completely overridden with malware, and lead to cyber attackers potentially gaining remote access, allowing them to see and access everything within the computers system.
A final word on AI Cyber Attacks
In summary, with the continuous evolution of AI, though it is excellent at innovation and reducing the time spent on tasks, the threat of cyber attacks grows ever greater. The recent emergence of AI Voice scamming enhances phishing capabilities for cyber attackers, enabling them to target prone businesses much easier. As shown in the data from www.gov.uk with half of businesses being targeted, the need for cyber security now is higher than ever.
Ignoring the need for cybersecurity is not just an oversight, it is a liability.
Awareness, proactive defences and continuous monitoring is essential to protect against such attacks on a business. As this technology evolves, so must a business’s security, to ensure that AI serves a business as a tool, rather than an attacker.
References
gov.uk, 2024. gov.uk. [Online]
Available at: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024
The Guardian, 2024. The Guardian. [Online]
Available at: https://www.theguardian.com/technology/article/2024/may/10/ceo-wpp-deepfake-scam
The Times UK, 2023. The Times UK. [Online]
Available at: https://www.thetimes.co.uk/article/recovery-from-capita-hack-to-cost-up-to-20m-v3x06fgbj
Wired, 2023. Wired. [Online]
Available at: https://www.wired.com/story/ransomware-attack-recovery-hackney/