Beyond the Call: AI and Machine Learning’s Role in Evolving Vishing Cyber Threats
- AI & Machine Learning
- March 11, 2024
- Luis Maldonado
- discover.glass
Vishing, a fusion of “voice” and “phishing,” represents a sophisticated social engineering tactic that leverages telephonic communication to extract sensitive personal or administrative information. Though not a novel concept, historical instances underscore the enduring efficacy of vishing in breaching security barriers.
MGM Cyber Attack Analysis
Against the backdrop of historical precedents, the MGM Resorts cyberattack in September 2023, orchestrated by the Scattered Spider group utilizing ALPHV/BlackCat ransomware, stands out as a poignant example. Employing vishing as a pivotal element, the assailants adeptly simulated an MGM employee during a call to the IT help desk, successfully obtaining credentials that were then used to disrupt critical services such as card payments, knock out reservations sites, shut down ATMs and locked guests out of their hotel rooms. The ensuing compromise of customer data prompted MGM Resorts to implement comprehensive measures, including free credit monitoring.
AI-Trained Voices and Attackers' Profile
Developing an AI voice trainer requires a robust foundation in machine learning, deep learning, and audio signal processing. Proficiency in Python, the preeminent language for AI development, is indispensable. Aspiring developers must grasp intricate concepts such as feature extraction, it’s about pulling out key sounds from audio to help the AI understand speech, using Python tools like Librosa. Then, choosing the right neural network, like CNNs for spotting patterns or RNNs for sequences, is crucial, and that’s where PyTorch or Keras comes in handy. Finally, training the model is a delicate dance of teaching the AI with Python to recognize a wide range of voices without getting confused by too much information.
Data Acquisition Methods
In building their databases, attackers exploit an array of methods, including phishing, deceptive applications, social engineering, social media, podcasts, and recorded webinars or meetings, they meticulously harvest voice samples to craft vishing attacks—deceptive voice communications mimicking legitimate sources to extract sensitive information. They typically seek voice data that can be used to train machine learning models, enabling them to clone voices or create convincing audio deepfakes. This could involve capturing specific phrases that can be used to bypass voice authentication systems or collecting samples of a target’s speech mannerisms and tone, which can be used to impersonate individuals in fraudulent activities. The aim is often to create a voice database comprehensive enough to manipulate voice recognition systems or to trick an unsuspecting victim into revealing personal or financial information.