For example, an attacker might use a deep fake video during a virtual meeting to deceive individuals into revealing sensitive information.
| Photo Credit:
wildpixel
Cyber attackers are expected to increasingly leverage deep fakes and artificial intelligence (AI)-generated content as potent tools for intrusion, particularly in social engineering attacks, Digital Threat Report 2024 published by the Ministry of Electronics and Information Technology (MeitY) said, on Monday.
The advancement of deep fake technology enables the creation of highly realistic and manipulated audio and video content that can convincingly impersonate individuals, it said.
“Deep fake voice and video allow cyber perpetrators to mimic the voices and appearances of executives, employees, or trusted partners,” the report published to support cybersecurity in the banking, financial services and insurance (BFSI) sector, said.
For example, an attacker might use a deep fake video during a virtual meeting to deceive a finance team into authorising a unauthorised transfer or employ a deep fake voice to trick individuals into revealing one-time passwords (OTPs) for multi-factor authentication (MFA), passwords, or other sensitive information, the report stated.
Computer Emergency Response Team (CERT-In, under the MeitY), CSIRT-Fin and SISA, a global cybersecurity company, collaborated to the report.
Also, there is a growing apprehension about the influence on Large Language Models (LLMs), the report said, adding that the attackers may attempt to manipulate LLMs or their training data to promote malicious libraries. By poisoning the datasets or exploiting vulnerabilities in the models, they can cause LLMs to suggest or generate code that includes compromised libraries.
“Developers relying on LLMs for coding assistance or recommendations might then integrate these malicious components into their applications, unknowingly propagating vulnerabilities. Even in organisations that prohibit direct use of LLM-generated code, developers may still seek guidance from these models, increasing the risk of incorporating tainted libraries,” the report further stated.
“The interconnected nature of the BFSI ecosystem means that a single cyberattack can have systemic repercussions, impacting multiple entities beyond the initial target. This underscores the urgent need for coordinated cybersecurity efforts at a national and sectoral level. CERT-In and CSIRT-Fin play a vital role in mitigating these risks by collaborating with regulators, industry stakeholders, and global cybersecurity bodies to ensure timely detection, response, and recovery from cyber incidents,” S Krishnan, Secretary, MeitY, said.
Meanwhile, while speaking about the recent hikes in import duty by the US, Krishnan said that the Indian electronics and IT sector manufacturers are not “overly” concerned.
“We’ve been in regular consultation with manufacturers in India. That is something that we are speaking to them on an ongoing basis. They are not overly concerned right now, but it also depends on how this whole situation plays out. It’s a dynamic situation,” Krishnan added.
Published on April 7, 2025
