AI driving virtual kidnappings growth globally
Virtual kidnappings are becoming more commonplace globally, warned Trend Micro, this week.
A virtual kidnapping is when bad actors produce a deep fake voice simulation of a child victim and use it to convince the parents or guardians that the child has been taken and then extort a ransom for their return.
The company says this trend emerged in the first half of 2023, as the use of AI by cyber criminals is becoming more efficient.
“Recently, malicious actors have abused AI technology to accurately impersonate real people as part of their attacks and scams. In fact, imposter scams, such as virtual kidnapping are becoming increasingly rampant,” says Trend Micro.
The Trend Micro 2023 Midyear Cybersecurity Threat Report claims the company blocked more than 86 million email threats, around four million malicious URLs and over 4 000 malicious mobile apps targeted at South African businesses and consumers, between January and June 2023.
Trend Micro says ChatGPT, and other AI tools, are enabling criminals to automate the gathering of information, formation of target groups, and identification of vulnerable behaviours.
It says: “This is helping them lure big-name victims in ‘harpoon whaling’ attacks.
“Whaling involves tricking executives and directors, through phishing campaigns for the purpose of stealing information or siphoning large sums of money. Harpoon whaling, on the other hand involves extensive research on targeted individuals.
“This attack is a highly targeted social engineering scam that involves emails crafted with a sense of urgency and that contain personalised information about the targeted executive or director.”
Trend Micro’s report also covers other trends in criminal techniques, tactics and threat actor activity.
“With each passing month the local threat landscape becomes more intricate and convoluted. Our latest research shows that illegal actors are shifting targets and getting increasingly creative to become more efficient and prolific,” says Gareth Redelinghuys, country managing director, African Cluster, Trend Micro.
Further, it says ransomware groups are collaborating on ever shifting targets.
During the first half of 2023, almost 15 million malware families were blocked by the company in South Africa, it claims.
“Ransomware, in particular, is a challenge for local companies, with almost 2 500 ransomware detections in June alone,” says the company.
Looking ahead, the company warns that threat actors are innovating, finding new ways to target victims.
The company highlights that connected cars contain over 100 million lines of code.
“As more smart cars saturate the market, attackers will try to gain access to user account data and leverage it for crimes. By hijacking or stealing such an account via phishing for credentials or installing malware, a cyber criminal could locate the car, break into it and potentially sell it on for parts or follow-on crimes. They might even be able to locate the owner’s home address and target it for burglary when they’re not in.”