Weapon of Mass Destruction  - Voice AI-based Attack

Many people think that getting key personal information can be very hard, but it's now becoming easier than ever.

Last week, I was reading how Elon Musk let go of thousands of people at Twitter using an AI-based bot that was trained to reproduce a message using the voice of famous people. I find it clownish but VERY dangerous.

This impersonation technology, used in the wrong hands, could lead to someone obtaining critical information about a business. It's even better than phishing.

Even a combination of both (plus some threat intelligence) could be the perfect weapon to utilize in a malicious campaign.

Imagine this: you record the voice of any C-level position in a company - let’s say Procurement Manager. Train the bot to recognize the voice, and then we call the Finance Manager with it and ask him/her to transfer money to an external party, using a phishing mail which impersonates the Procurement Manager.

Bingo! It's money in the bank.

In fact, it's already happening.

There are even more terrible attacks that I won’t describe, but this will be a weapon of mass destruction.

Conclusion: cybersecurity offensive techniques are evolving very quickly and a black hat can do a lot of harm without the right company controls and processes.

My advice:

1. Check everything twice.

2. Have the correct processes in place in your company before moving a finger.

3. Train your workforce, family and friends. 

AI Voice attack - Social Engineering 3.0. There is no mitigation method for Voice impersonation.