Cyber Security Today, Sept. 18, 2023 – How a deepfake voice caused a company to be hacked


Welcome to Cyber Security Today. It’s Monday, September 18th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Last week I did a news story on ITWorldCanada.com about a warning from U.S. cyber authorities that threat actors are using deepfake audio and videos to trick victims. An application development platform called Retool just gave an example of how it was taken advantage of with this technology. First, an employee fell for a text pretending to be from the company’s IT support staff about an account issue. The text had a web address that looked like Retool’s internal identity portal. After the employee logged into the fake portal — giving up their username and password — the hacker phoned the staff member with a deepfaked voice similar to a real IT support member’s voice. They asked the victim employee for one of their multifactor authentication codes. That way the attacker could log into the Retool system. Then the attacker added their computing device to the victim’s account for receiving MFA login tokens so they could log in at any time.

Let me stop for a minute. This is where security awareness training of employees to detect this kind of scam is vital. No employee should give up a password over the phone or to a link sent to them unless the employee started the communications. As in, they have trouble logging in so they ask for help. In fact, the attacker sent texts to several Retool employees pretending to be from the IT support team. All but one fell for it. That’s lesson two: All a hacker needs is one employee to be suckered and a company could be in trouble. Lesson three is the lengths to which this attacker went to be convincing. Somehow they found out about the layout of the Retool office and were able to tell the victim things to erase any of the victim’s doubts.

The second part of this story is that after getting access to the Retool login authentication system the attacker got into the victim’s Gsuite email account, which was supposed to be protected from compromise through the use of the victim’s Google Authenticator app. It generates MFA codes. How did the attacker get these codes? Because, says Retool, this app’s recent default ability is to save MFA codes to the Google cloud. So the attacker was able to get the Google Authenticator MFA codes for that employee. Retool complains there isn’t an easy way for a user to stop synching MFA codes to the cloud and only allow them to be displayed locally. Ultimately 27 Retool customers had their accounts taken over.

IT managers whose firms use Google Authenticator have to think carefully about allowing cloud synchronization. In a statement to Security Week on the Retool incident, Google says users have a choice whether to synch their codes to the cloud or not.

In other news, TikTok faces a US$368 million fine for violating the European Union’s privacy law in the way it handled children’s data. The Irish Data Protection Commission, acting for all EU members, made that announcement Friday. The setting of the fine came after the commission concluded in August that the social media platform’s policies, including a public-by-default setting for content, violated the EU General Data Protection Regulation. TikTok says the commission’s complaints are focused on features and settings that have been changed. Accounts created by those under the age of 16 are now private by default.

Finally, Google has agreed to a US$93 million settlement with the state of California over its location-privacy practices. This came after the Associated Press reported Google continued to track users’ location data even after they opted out of tracking by disabling their location history.

That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
