Threats Without Borders - Issue 145
Cyber-Financial Crime Investigation Newsletter, week ending August 27, 2023
Putting this first since it seems to be hard to find.
I was recently asked, "What cyber-fraud trend keeps you awake at night?" The obvious answer is email phishing, but I offered a more sinister social engineering technique that isn’t a trend, YET. It is coming though, and I think if your organization isn’t starting to think about how to deal with it, you’ll be eaten by it. The use of artificial intelligence to impersonate a human voice is going to be a terror.
AI voice-impersonation is the use of deepfake technology to manipulate audio or visual content using AI algorithms to create realistic, but entirely fabricated media. In the context of voice impersonation, AI can analyze vast amounts of audio data from the target individual in a short amount of time and recreate their unique vocal patterns, nuances, and mannerisms. This enables the creation of computer-generated voices that are nearly indistinguishable from the real person by emulating the cadence, accent, and emotions.
With the rise of voice impersonation, financial institutions face an entirely new cyber threat. Cybercriminals can use this technology to craft fraudulent voice calls that appear legitimate by mimicking the voices of customers, or bank employees in the reverse scheme. These attackers can manipulate victims into divulging confidential information or authorizing unauthorized transactions.
Imagine the scope of social engineering attacks that will be conducted once the bad guys perfect the criminal use of this technology!
If you have not heard much about voice-impersonation, or cloning, check out what Eleven Labs is doing in the space. https://elevenlabs.io/professional-voice-cloning
Several security companies are working to counter this through voice signature and imprinting technology that will compare the known customer's voice to the voice of the phone caller.
I suspect future account openings will also require a recording of your voice!
Some News…
ONE BILLION DOLLARS…that’s how much money the U.S. Department of Justice claims was laundered by the founders of cryptocurrency tumbler service Tornado Cash. Seriously, you think cybercrime isn’t a huge business? There is no other reason to use a tumbler service. https://www.forbes.com/sites/digital-assets/2023/08/25/tornado-cash-co-founders-charged-in-the-us-with-more-than-1-billion-in-money-laundering/?sh=a0b7cab7b992
Proving yet again that insider threats might be your most dangerous threat…Tesla admitted that two employees were responsible for the data breach that resulted in the exposure of more than 75,000 employees. The exposed information included names, addresses, phone numbers, employment-related records and Social Security numbers. Uh-Oh. https://techcrunch.com/2023/08/21/tesla-breach-employee-insider/
The data of over 2 million DuoLingo users is for sale on various dark web forums, opening the users up to phishing and other social engineering attacks. The data includes a mixture of public login and real names, and non-public information, including email addresses and internal information related to the DuoLingo service. Bleeping Computer is reporting that the DuoLingo API susceptible to the information-scraping attack is still being used and exploited! https://www.bleepingcomputer.com/news/security/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum/
File this one under too crazy to be true…but is. The CEO of a Pennsylvania company has been arrested for embezzling over 4 million dollars from the business for his own benefit. At one point he made a 24 Million Dollar sponsorship agreement with Andretti Motorsports to sponsor a race car. The business was never capable of maintaining that sponsorship. https://www.pennlive.com/crime/2023/08/former-ceo-of-central-pa-company-embezzled-stole-millions-for-personal-gain-police.html
The newest release of Kali Linux has been made available for download or upgrade. https://www.kali.org/blog/kali-linux-2023-3-release/
What’s the best way to use Microsoft Windows…on a Mac? Parallels Desktop 19 has been released. (Non-Sponsored endorsement - I use Parallels to run Windows and Linux VMs on my Mac and I can’t say enough good about the quality of this software). https://www.parallels.com/blogs/parallels-desktop-19/
Cool Jobs
Global Financial Crimes, Vice President of U.S. Investigations. Morgan Stanley. https://morganstanley.eightfold.ai/careers?query=ID%3A%203234710&pid=549771476264&domain=morganstanley.com&sort_by=relevance&triggerGoButton=false&triggerGoButton=true
Chief Information Security Officer (CISO) - Ocean First Bank (NJ) https://workforcenow.adp.com/mascsr/default/mdf/recruitment/recruitment.html?cid=0210b444-6aa6-4e9f-be59-3a33db73b09a&ccId=19000101_000001&type=MP&lang=en_US&jobId=469303
Cool Tool
Find the cheat sheet - for anything. https://cheat-sheets.org/
Irrelevant
Has college football just become a “professional” minor league for the NFL? https://www.city-journal.org/article/college-footballs-twilight
Thanks for reading this week’s edition. Please consider sharing the newsletter with a colleague to help us grow. As always, feel free to reply to the delivery email to offer suggestions, criticism, or hate. Of course, that’s been limited since I haven’t made lawyer jokes in a few weeks.
Matt
“ALL OF US COULD TAKE A LESSON FROM THE WEATHER, IT PAYS NO ATTENTION TO CRITICISM”
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.