Wiz Security Targeted in Deepfake Attack

Wiz Targeted in Deepfake Attack

Wiz Security, a prominent cybersecurity firm, was recently targeted in a sophisticated deepfake attack. The incident was disclosed by Wiz's CEO, Assaf Rappaport, during his appearance at TechCrunch Disrupt in San Francisco on October 28, 2024.

The attackers used advanced AI technology to create a deepfake of Rappaport's voice, which they then used to send voice messages to dozens of Wiz employees. The messages, allegedly from Rappaport, attempted to trick employees into divulging their login credentials. This type of attack, known as a credential-based attack, could have allowed the hackers to gain unauthorized access to Wiz's internal systems and potentially compromise sensitive data.

Rappaport explained that the deepfake was created using audio clips of his voice from a public conference. However, the attack was thwarted because the employees noticed discrepancies in the voice. Rappaport, who has public speaking anxiety, sounds different in public speeches compared to his everyday interactions. This inconsistency alerted the employees that something was amiss.

The incident highlights the growing threat of deepfake technology in cybersecurity. Deepfakes, which use AI to create highly realistic but fake audio or video, have become increasingly sophisticated and accessible. This has raised concerns about their potential misuse in various sectors, including cybersecurity, politics, and finance.

Wiz Security, valued at $12 billion, is not the first high-profile target of deepfake attacks. Earlier this year, the world's largest advertising company, WPP, experienced a similar attack where hackers used a deepfake of the CEO's voice and face to conduct a fraudulent Microsoft Teams meeting. These incidents underscore the need for heightened awareness and advanced security measures to combat the evolving threat landscape.

Deepfakes and Security Awareness Training

Rappaport emphasized the importance of vigilance and training in identifying and responding to such attacks. He noted that while technology can be a powerful tool for security, human intuition and awareness remain crucial in detecting anomalies that automated systems might miss.

The attack on Wiz Security serves as a stark reminder of the vulnerabilities even the most secure organizations face in the digital age. As deepfake technology continues to advance, it is imperative for companies to stay ahead of potential threats through continuous education, robust security protocols, and the integration of advanced AI detection tools.

Adaptive Security offers the perfect solution for addressing this challenge. Prepare your team for the next generation of social engineering attacks with Adaptive's AI phishing simulations. Our security training platform is the first to include executive deepfake phishing scenarios and other multichannel threat simulations, so you can truly improve your risk posture against emerging threats.

To learn more, get a demo today!