Kaspersky warns of a new cyber threat for companies: With 'corporate doxing', methods of doxing, which have so far been more familiar from the private sector, are used in the context of targeted attacks: whether simple e-mail or deep fake.
Kaspersky experts are currently observing a particularly large number of attacks using fake business emails (Business Email Compromise, BEC). At the same time, tricks for faking false identities (identity theft) are becoming more sophisticated. For example, deceptively real voices are already being imitated with the help of artificial intelligence, for example from board members or other high-ranking executives, with the help of which employees are tricked into disclosing confidential information or transferring money. These findings emerge from the Kaspersky analysis “Doxing in the corporate sector”.
Doxing attack on bosses or employees
It has never been easier than today to research information such as employment status, whereabouts, certain preferences or even the private environment of individual people or employees online and then use this information for a cyber attack, for example. This method, known as doxing, can also be used as a Business Email Compromise (BEC) against companies or organizations. The Kaspersky experts counted 2021 BEC attacks worldwide in February 1.646 alone.
Call from CEO, but who is actually on the phone?
In addition to BEC attacks, there is a large repertoire of possibilities for damaging companies with the help of generally available information. The usual and well-known methods such as phishing or the creation of company profiles with the help of data leaks are joined by other creative approaches to use the latest technologies.
One of the most popular strategies for corporate doxing is identity theft, in which doxers misuse their identities based on the collection of information about individual employees. The fake tweets from well-known politicians and CEOs such as Elon Musk, who promised alleged Corona aid, recently showed how effective identity theft can be in connection with social media [2]. New technologies such as deepfakes make it easier to carry out such initiatives, provided that public data is already available. For example, a deepfake video could pretend that it came from a specific employee and damage the company's reputation. Doxer would only need publicly available video material showing the actual target employee and basic personal information.
Forging votes with the help of AI
Voices could also be abused. With the help of artificial intelligence and publicly accessible voice recordings of high-ranking people, it is possible to imitate their voice and language in terms of sound, intonation and possible accent in a deceptively real way. In this way, fraudulent orders can be given to employees by the supposed boss over the phone. Insurers already reported such successful scams with the help of AI in 2019 [3].
"Whereas doxing was previously more of an issue for private users and celebrities - as the numerous scandals in connection with social media show - this phenomenon as corporate doxing now also poses a real danger for confidential company data that should not be underestimated," warns Roman Dedenok , security researcher at Kaspersky. “As with individuals, corporate doxing can result in financial and reputational losses. The more sensitive the stolen confidential information material, the greater the damage. At the same time, however, strict security precautions by companies can prevent or at least massively curb doxing.”
Doxing with deep fakes
“The new possibility of generating deceptively real deep fakes with the help of artificial intelligence, whether as audio or video, makes corporate doxing even more promising for cybercriminals,” adds Christian Funk, head of the research and analysis team in the DACH region at Kaspersky . “Successful attacks of this type have already occurred. Companies and other institutions must quickly adapt to these new types of fraud attempts and sensitize their employees.” More information about doxing methods used by cybercriminals against companies can be found in the analysis “Doxing in the corporate sector”.
More at SecureList on Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/