Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label identity. Show all posts
Verification
AI Cyber Fraud Cybersecurity Deepfake Fraud identity Recruitment Resume Verification

Fake Candidates, Real Threat: Deepfake Job Applicants Are the New Cybersecurity Challenge

 

When voice authentication firm Pindrop Security advertised an opening for a senior engineering role, one resume caught their attention. The candidate, a Russian developer named Ivan, appeared to be a perfect fit on paper. But during the video interview, something felt off—his facial expressions didn’t quite match his speech. It turned out Ivan wasn’t who he claimed to be.

According to Vijay Balasubramaniyan, CEO and co-founder of Pindrop, Ivan was a fraudster using deepfake software and other generative AI tools in an attempt to secure a job through deception.

“Gen AI has blurred the line between what it is to be human and what it means to be machine,” Balasubramaniyan said. “What we’re seeing is that individuals are using these fake identities and fake faces and fake voices to secure employment, even sometimes going so far as doing a face swap with another individual who shows up for the job.”

While businesses have always had to protect themselves against hackers targeting vulnerabilities, a new kind of threat has emerged: job applicants powered by AI who fake their identities to gain employment. From forged resumes and AI-generated IDs to scripted interview responses, these candidates are part of a fast-growing trend that cybersecurity experts warn is here to stay.

In fact, a Gartner report predicts that by 2028, 1 in 4 job seekers globally will be using some form of AI-generated deception.

The implications for employers are serious. Fraudulent hires can introduce malware, exfiltrate confidential data, or simply draw salaries under false pretenses.

A Growing Cybercrime Strategy

This problem is especially acute in cybersecurity and crypto startups, where remote hiring makes it easier for scammers to operate undetected. Ben Sesser, CEO of BrightHire, noted a massive uptick in these incidents over the past year.

“Humans are generally the weak link in cybersecurity, and the hiring process is an inherently human process with a lot of hand-offs and a lot of different people involved,” Sesser said. “It’s become a weak point that folks are trying to expose.”

This isn’t a problem confined to startups. Earlier this year, the U.S. Department of Justice disclosed that over 300 American companies had unknowingly hired IT workers tied to North Korea. The impersonators used stolen identities, operated via remote networks, and allegedly funneled salaries back to fund the country’s weapons program.

Criminal Networks & AI-Enhanced Resumes

Lili Infante, founder and CEO of Florida-based CAT Labs, says her firm regularly receives applications from suspected North Korean agents.

“Every time we list a job posting, we get 100 North Korean spies applying to it,” Infante said. “When you look at their resumes, they look amazing; they use all the keywords for what we’re looking for.”

To filter out such applicants, CAT Labs relies on ID verification companies like iDenfy, Jumio, and Socure, which specialize in detecting deepfakes and verifying authenticity.

The issue has expanded far beyond North Korea. Experts like Roger Grimes, a longtime computer security consultant, report similar patterns with fake candidates originating from Russia, China, Malaysia, and South Korea.

Ironically, some of these impersonators end up excelling in their roles.

“Sometimes they’ll do the role poorly, and then sometimes they perform it so well that I’ve actually had a few people tell me they were sorry they had to let them go,” Grimes said.

Even KnowBe4, the cybersecurity firm Grimes works with, accidentally hired a deepfake engineer from North Korea who used AI to modify a stock photo and passed through multiple background checks. The deception was uncovered only after suspicious network activity was flagged.

What Lies Ahead

Despite a few high-profile incidents, most hiring teams still aren’t fully aware of the risks posed by deepfake job applicants.

“They’re responsible for talent strategy and other important things, but being on the front lines of security has historically not been one of them,” said BrightHire’s Sesser. “Folks think they’re not experiencing it, but I think it’s probably more likely that they’re just not realizing that it’s going on.”

As deepfake tools become increasingly realistic, experts believe the problem will grow harder to detect. Fortunately, companies like Pindrop are already developing video authentication systems to fight back. It was one such system that ultimately exposed “Ivan X.”

Although Ivan claimed to be in western Ukraine, his IP address revealed he was operating from a Russian military base near North Korea, according to the company.

Pindrop, backed by Andreessen Horowitz and Citi Ventures, originally focused on detecting voice-based fraud. Today, it may be pivoting toward defending video and digital hiring interactions.

“We are no longer able to trust our eyes and ears,” Balasubramaniyan said. “Without technology, you’re worse off than a monkey with a random coin toss.”
Read more »
Sensitive data
cyber attack identity Microsoft Security Sensitive data

Microsoft Tightens Cloud Security After Major Breaches

 



In its efforts to better its cloud security, Microsoft has done much to remove any potential vulnerabilities and tightened the process of authenticating individuals. This comes after the tech giant saw several security breaches within the past year. Under the Secure Future Initiative launched in November 2023, Microsoft has so far purged 730,000 unused applications and deactivated 5.75 million inactive tenants in its cloud system. The initiative has been a direct response to cyber intrusions that had resulted in the revelation of sensitive data.

Reducing the Cyber Attack Surface

The firm has sought to minimise its attack surface by identifying dead or idle areas of its cloud infrastructure and is working to eliminate them. Removing hundreds of thousands of applications and millions of unused tenants works at making Microsoft shrink down the possible avenues the hackers may employ to penetrate it. Furthermore, Microsoft has sought to make the software production environment more secure by equipping the software teams with 15,000 locked-down devices. In its other security measure, the company conducted video-based identity verification for 95 percent of its production staff for further security in the identity authentication process. 

Better Identity and Authentication Security

Cybersecurity is one aspect where Microsoft has improved much. For instance, the identity management systems for its Entra ID and Microsoft Account (MSA) platforms have been remarkably enhanced.

These updates target better generation, storage, and rotation of access token signing keys as means to advance the protection of the public and government cloud environments. This is partly because of an incident in 2023, when hacking group Storm-0558 from China successfully accessed Exchange Online systems and penetrated the private email accounts of dozens of state officials. 

Secure Future Initiative Focus Areas

The SFI project is the most ambitious cybersecurity effort Microsoft has undertaken to date, providing 34,000 engineers dedicated to bulking up the company's defences. It focuses mainly on six critical areas: identity and access control, securing cloud tenants and production systems, strengthening engineering systems, improving network security, enhancing threat detection, and perfecting incident response. By doing all of these broad strokes, the likelihood of any future breach of this scale is reduced.

Mitigating Past Security Mistakes

Analysis by the US Department of Homeland Security's Cyber Safety Review Board had shown that a succession of security lapses at the company allowed these breaches. The inquiry, focused on the Storm-0558 intrusion, had asserted that it was time for Microsoft to strengthen its security posture, which primarily revolved around identity and authentication processes. Based on this, the company has moved very quickly to shore up weaknesses and prevent something similar from happening in the future.

Progress in Key Security Areas

Microsoft says it made strides in several areas in the latest report on SFI.

Unused applications and tenants removed reduce cloud attack surface. In network security, the firm now maintains a central inventory for more than 99% of physical assets, providing greater oversight.

Virtual networks with back-end connectivity are isolated from the corporate networks, which in turn is subjected to even more rigorous security audits. Centralised pipeline templates accounting for 85% of the production builds have been so far a part of the security. Personal access tokens now also have a much shorter life. Proof-of-presence checks are also instituted at the most sensitive points of the software development pipeline. 

Organisational Changes for Better Security

Beyond the technical, there have been organisations which are aimed at ensuring the executives are held responsible for security outcomes. There have been those who tied senior leadership compensation to specific security goals and that the company's threat intelligence team reports directly to the Chief Information Security Officer. This is in the way that it gives the assurance that security is top of the agenda across the organisation.

The Microsoft Secure Future Initiative is a reflection of its attempt to learn from previous failures in the area of security and succeed further in the cloud environment. The company intends to secure itself and, by extension, its customers from future cyber-attacks by enforcing identity verification, reducing attack surfaces, and having a strong network as well as engineering security. Hence, through continuous actions, Microsoft aims to ensure that such instances-where confidential and sensitive data are leaked-would not recur in the future.





Read more »
syndicates
criminals criminals' methods Cyber Crime fake license fake plates Hijacking identity identity concealment insight investigator Mercedes-Benz police force stolen syndicates

Recovered Stolen Mercedes Offers Glimpse into Hijackers' Tactics

 

A recently recovered Mercedes-Benz, which had been stolen and then found equipped with counterfeit license plates and a forged license disc, has shed light on the operational tactics of hijacking syndicates and their ability to exploit technological advancements to evade capture.

Specialist investigator Mike Bolhuis, drawing on his extensive experience in investigating serious, violent, and cyber crimes, shared insights regarding the strategies employed by hijackers to conceal their identities and mask stolen vehicles.

Marshall Security, on Tuesday, announced the retrieval of a stolen Mercedes-Benz C200 along Sinembe Crescent near uMhlanga Rocks Drive, situated in the Somerset Park region. This vehicle was reportedly taken from Reservoir Hills the previous week.

Following the recovery, Marshall Security disclosed that the abandoned vehicle was equipped with fraudulent plates and a counterfeit license disc. The South African Police Service (SAPS) had been actively searching for the vehicle.

However, as Bolhuis emphasizes, false license discs and plates merely scratch the surface of the broader issue associated with hijacking. Criminals exploit technological advancements, while law enforcement faces challenges in combating these crimes.

Bolhuis characterizes the methods employed by criminals to mask their identities and switch between aliases as a form of cybercrime. He explains that criminals employ fabricated identities and counterfeit information for vehicles, often with assistance from corrupt individuals within various sectors.

These criminal activities are grounded in cybercrime, a global concern. Criminals exploit this digital realm to fabricate false documents routinely, rendering their capture challenging. Bolhuis asserts that law enforcement's struggle against digital crimes is compounded by their limited capacity, enabling criminals to exploit this weakness.

He asserts that the primary means of apprehending these criminals involves witnesses, forensic information, or digital tracking. Bolhuis highlights the necessity of gathering forensic evidence, citing the potential of trace elements such as saliva or hair follicles, as well as using indicators like dirt on wheels to deduce the stolen vehicle's movements.

Upon stealing a vehicle, criminals adapt their approach based on their objectives. They may fulfill orders for high-end vehicles or employ the stolen cars in the commission of other crimes. Vehicles are sometimes used to ram cash-transit vehicles or for ATM bombings before being left at the scene. Bolhuis particularly underscores the importance of forensic data in narrowing down suspects.

The latest statistics from the South African Police Service (SAPS) reveal that between April and June 2023, 9,081 motor vehicles and motorcycles were reported as stolen. Carjackings accounted for a significant portion, with 2,591 sedans, coupes, and hatchbacks stolen, along with 1,582 bakkies.

The Western Cape and Gauteng regions of South Africa experienced the highest incidence of carjackings, reflecting the pervasive nature of this criminal phenomenon.
Read more »
Subscribe to: Posts (Atom)