Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Impersonation Attack. Show all posts
Phishing Attack
African Union Commission Artificial Intelligence AUC Cyber Crime Deep Fakes Impersonation Attack Phishing Attack

Impersonation Attack: Cybercriminals Impersonates AUC Head Using AI


Online fraudsters, in another shocking case, have used AI technology to pose as Moussa Faki Mahamat, the chairman of the African Union Commission. This bold cybercrime revealed gaps in the African Union (AU) leadership's communication channels as imposters successfully mimicked Faki's voice, held video conferences with European leaders, and even set up meetings under false pretence.

About the African Union Commission and its Leadership

The African Union Commission (AUC) is an executive and administrative body, functioning as the secretariat of the African Union (AU). It plays a crucial role in coordinating AU operations and communicating with foreign partners, much like the European Commission does inside the European Union. 

The chairperson of the AUC, Moussa Faki Mahamat, often holds formal meetings with global leaders through a “note verbal.” The AU leadership regularly schedules meetings with representatives of other nations or international organizations using these diplomatic notes.

However, now the routine meetings are unfortunately disrupted due the cybercrime activities revolving around AI. The cybercriminals apparently successfully impersonated Mahamat, conducting meetings under his guise. The imitation, which went so far as to mimic Faki's voice, alarmed leaders in Europe and the AUC.

About the Impersonation Attack

The cybercriminal further copied the email addresses, disguised as AUC’s deputy chief of staff of the AUC in order to set up phone conversations between Faki and foreign leaders. They even went to several European leaders' meetings, using deepfake video editing to pass for Faki.

After realizing the issue, the AUC reported these incidents, confirming that it would communicate with foreign governments through legitimate diplomatic channels, usually through their embassies in Addis Ababa, the home of the AU headquarters.

The AUC has categorized these fraudulent emails as “phishing,” suggesting that the threat actors may have attempted to acquire digital identities for illicit access to critical data. 

Digitalization and Cybersecurity Challenges in Africa

While Africa’s digital economy has had a positive impact on its overall economy, with an estimate of USD 180 billion by 2025, the rapid development in digitalization has also contributed to an increase in cyber threats. According to estimates posted on the Investment Monitor website, cybercrime alone might cost the continent up to USD 4 billion annually.

While the AUC have expressed regrets over the event of a deepfake of the identity of Moussa Faki Mahamat, the organization did not provide any further details of the investigation involved or the identity of the criminals. Neither did the AUC mention any future plans to improve their cyber landscape in regard to deepfake attacks.

The incident has further highlighted the significance of more robust cybersecurity measures and careful channel monitoring for government and international organizations.

Read more »
User Privacy
Data Breach Data Leak Data Safety Impersonation Attack Privacy Safety User Data User Privacy

Norton LifeLock Issues a Warning for Password Manager Account Breach

 

Customers of Norton LifeLock have been the victims of a credential-stuffing attack. In accordance with the company, cyberattackers utilised a third-party list of stolen username and password combinations to attempt to hack into Norton accounts and possibly password managers. 

Gen Digital, the LifeLock brand's owner, is mailing data-breach notifications to customers, mentioning that the activity was detected on December 12 when its IDS systems detected "an unusually high number of failed logins" on Norton accounts. According to the company, after a 10-day investigation, the activity dates back to December 1. 

While Gen Digital did not specify how many accounts were compromised, it did warn customers that the attackers had access to names, phone numbers, and mailing addresses from any Norton account. And it added, "we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password." 

Those "details" are, of course, the strong passwords generated for any online services used by the victim, such as corporate logins, online banking, tax filing, messaging apps, e-commerce sites, and so on.

Threat actors utilize a list of logins acquired from another source — such as purchasing cracked account information on the Dark Web — to try against new accounts, hoping that users have repurposed their email addresses and passwords across multiple services. As a result, the irony of the Norton incident is not lost on Roger Grimes, KnowBe4's data-driven defense evangelist.

"If I understand the reported facts, the irony is that the victimized users would have probably been protected if they had used their involved password manager to create strong passwords on their Norton login account. Password managers create strong, perfectly random passwords that are essentially unguessable and uncrackable. The attack here seems to be that users self-created and used weak passwords to protect their Norton logon account that also protected their Norton password manager," he stated via email.

Identity and access management systems have recently been attacked by attackers, as a single compromise can unlock a veritable treasure trove of information across high-value accounts for attackers, not to mention a variety of enterprise pivot points for moving deeper into networks.

LastPass, for example, was targeted in August 2022 through an impersonation attack in which cyber attackers breached its development environment and stole source code and customer data. A follow-up attack on a cloud storage bucket utilized by the company occurred last month.

In March of last year, Okta revealed that cyberattackers had used a third-party customer support engineer's system to obtain access to an Okta back-end administrative panel used for customer management, among other things. There were approximately 366 customers affected, with two actual data breaches occurring.
Read more »
Subscribe to: Posts (Atom)