
Deepfakes start to show their hand: February's most interesting cybersecurity news

In the 18th century, Catherine the Great toured her newly conquered territories in Crimea. Military leader Grigory Potemkin wanted to beautify the barren landscapes his monarch would be surveying, so he erected elaborate facades of towns that looked real from a distance. These so-called Potemkin villages have since turned out to be mostly legend, but there are plenty of examples of how 'seeing is believing' is not bulletproof advice. Just ask the Trojans about a particular wooden horse…

The past 18 months have produced the modern equivalent of Potemkin villages and Trojan horses: deepfakes. When these digital fakes became mainstream last year, experts warned that they could cause cyber security issues. It did not take long for that threat to become a reality.

February started with a bang: a £20 million deepfake heist, one of the cybersecurity stories that caught our attention during the month:

Deepfake attacks become ambitious

If you see news that Romania's Central Bank Chief is promoting an investment opportunity, just move along. In the scam videos, Mugur Isarescu seems to be promoting fraudulent investments, which he never did. A similar deepfake scam featuring Marcel Ciolacu, Romania's Prime Minister, had also surfaced. In these attacks, reputable people are faked to promote scams. The tactic is also becoming more targeted. A clerk at an undisclosed Hong Kong business was invited to a video conference call attended by several senior people from her company, including the CFO, who instructed her to transfer around £20 million to various bank accounts. But the CFO and other attendees appear to have been deepfakes.

Trojan attacks iOS facial recognition

Biometrics such as facial recognition are stronger security measures than passwords. But they aren't infallible, even on security-conscious Apple devices. Late last year, researchers uncovered the GoldDigger trojan, which targets financial institutions. As they dug deeper, they found a wider family of trojans aimed at banks and similar businesses, most recently identifying GoldPickaxe.iOS. This trojan can collect facial recognition data and identity documents and intercept SMS messages on iOS devices. For the trojan to work, users must download and install an infected app; the criminals behind the trojan use multi-stage social engineering to achieve this. Once installed, the trojan sends crucial information to the criminals, enabling them to bypass biometric and multi-factor security and then execute transactions on victims' bank accounts.

Criminals are launching attacks using public cloud platforms

It's not a revelation that criminal groups use public cloud platforms such as Amazon Web Services and Google Cloud Platform to launch attacks. By exploiting the scalable architecture and taking advantage of new-user signup bonuses, cybercriminals can quickly deploy and expand attacks, then move on once their operation is uncovered. But these types of attacks are growing. In late February, researchers warned that criminals are using Google Cloud Run's container platform to launch large phishing campaigns. Most of the attacks deliver the Astaroth, Mekotio, and Ousaban banking trojans, primarily targeting Latin America, though smaller campaigns have also surfaced in Europe and North America. Other public cloud services are being abused in similar ways: a new script called SNS Sender lets criminals send bulk SMS spam through AWS's SNS service. The phishing messages dupe users into clicking a link, which installs malware on their devices.

OpenAI shuts down nation state-sponsored attacks

Generative AI might be a boon for cybercriminals, but the companies that own these systems are fighting back. OpenAI, the company behind ChatGPT, identified and closed accounts belonging to nation-state cybercrime groups attempting to misuse the AI. Two China-affiliated groups (Charcoal Typhoon and Salmon Typhoon), the Iran-affiliated group Crimson Sandstorm, the North Korea-affiliated Emerald Sleet, and the Russia-affiliated group Forest Blizzard tried to use ChatGPT for different tasks. These include researching various companies and cybersecurity tools, generating content likely intended for spear-phishing campaigns, basic scripting tasks, and open-source research into satellite communication protocols and radar imaging technology.