Doxing, deepfake attacks on the rise

Corporate doxing, or the process of gathering confidential information about an organisation and its employees without their agreement, to harm them or profit from it, is on the rise.

According to researchers from Kaspersky, the proliferation of publicly available information, data leaks and advancement of technology are leading to a state in which tricking employees into giving out confidential information or even transferring funds is becoming easier than ever before.

One of the methods used to dox organisations is business e-mail compromise (BEC) attacks, or targeted attacks in which bad actors initiate email chains with employees by impersonating someone from the company.

During February this year Kaspersky detected 1646 of these attacks, underlining the vulnerability of businesses when it comes to the exploitation of publicly available information.

The purpose of these attacks is usually to extract proprietary information, such as client databases, or to steal money. Kaspersky researchers say they often analyse instances in which threat actors impersonate one of the target company’s employees using e-mails that are almost indistinguishable from the genuine article.

These threats could not happen on a massive scale without malefactors gathering and analysing public information available on social media and suchlike, including names and positions of employees, their whereabouts, holiday dates and connections.

But, BEC attacks are only one type of attack that exploit publicly available information to achieve their ends. The range of ways businesses can be doxed is wide – over and above the usual methods such as phishing or compiling profiles on organisations using data leaks, more creative, technology-driven approaches are also used.

Another trending corporate doxing strategy is identity theft. As a rule of thumb, doxers depend on information to profile specific staff members and then exploit their identity. A surge in deepfake technology is making these attacks easy to execute provided there is public data to begin with.

For example, a deepfake video of an employee doing something illegal or inappropriate could do damage to the company’s reputation, and all a criminal needs to create it is a visual of the target employee and basic personal information.

Voices can also be abused. A speaker presenting on the radio or in a podcast could end up having their voice recorded and then imitated later, for instance, in a call to accounting requesting an urgent banking transfer or sending over clients’ database.

Kaspersky recommends to establish a rigid rule to never discuss work-related issues outside of the official corporate messengers.

“Corporate doxing is a real threat for an organisations’ confidential data and one that should not be overlooked," says Roman Dedenok, security researcher at Kaspersky. "The doxing of organisations, just as of people, may result in financial and reputational losses, and the more sensitive the confidential information extracted is, the higher the harm. At the same time, doxing is one of the threats that could be prevented or at least significantly minimised with strong security procedures within an organisation.”

In order to avoid or minimise the risk of a successful attack on an organisation, Kaspersky recommends:

• Establish a rigid rule to never discuss work-related issues outside of the official corporate messaging platforms, and train employees to strictly adhere to this rule.
• Raise employee awareness of cyber security issues and threats. This is the only way to effectively counteract the social engineering techniques that are aggressively used by attackers, according to Kaspersky.
• Train employees to double-check information requests that come via e-mail, phone calls or messages sent from an external platform.
• Ensure the latest anti-spam and anti-phishing solutions are used and kept up-to-date.