The Commonwealth Bank of Australia (CBA), and Australia Largest financial institution has alerted the public on being a major target of cybercriminals. The threat actors, are said to employ various sophisticated technique which include false social media advertisement, Malvertising, and use of deep fake technology to impersonate high profile employees of the organization.
Casting a wider net from conventional phishing techniques, CBA noted that there has been a noticeable exponential trend of threat actors employing more advanced TTP.
According to the Cyber Defense General Manager at CBA Andrew Pade he disclosed that:
“We’re seeing a trend in which traditional phishing attacks are sort of shifting because people are becoming more aware.”
This revelation indicates threat actors are shifting their trend from traditional email scamming to targeting bank customer’s via social media platforms.
HOW THE HACKERS USED DEEPFAKE AI VIDEOS:
The hackers are not just concerned about redirecting the banks legitimate products/services, but create deepfake video through the use of generative artificial intelligence.
These videos are majorly faces of trusted and high profile staffs of CBA, and encoded to promote the fake products of the hacker.
Andrew further described that:
“We also see the growing trend of gen AI (generative Artificial Intelligence) video, where threat actors create fake CBA videos with prominent CBA employees who are known.”
THE NEED FOR PROPER SOCIAL MEDIA ACCOUNT VETTING:
In the ongoing advancement of threat actors, CBA has shown its concerns on social media accounts (e.g. Facebook, and Instagram), being properly vetted.
The bank has advised its customers to be on the lookout and properly exercise caution, likening ads on social media to suspicious emails.
Andrew Emphasized that:
“People when they’re on these social media platforms, they kind of lower their guard, because they think that the ads have been vetted and trusted by the social media platform.”
Commonwealth Bank of Australia, has gone ahead to implement Artificial intelligence capable of scanning over 240-billion online reported incident, to hunt these malicious ads across all platforms. Although, the bank admitted that social media poses some limitation due to take down procedures outlined by these organization, which may delay in the removal of these malicious contents.
Please do let us know in the comment section what are your thoughts about this.