Highly customised attacks that leave hardly any footprints are rising, says a new digital threat report on India’s banking, financial services and insurance sector
A routine email setting up an online office interaction with the finance team of a company or senior staff at a bank is hardly unusual. Part and parcel of remote and online working, one might assume. But the audio or visual interaction where a senior supervisor directs or authorises a fund transfer might be a sophisticated fraud that uses a deep fake video that so closely mimics an employee as to escape detection.
Just as artificial intelligence is revolutionising business and even inter-personal interactions, it is becoming a potent tool for cyber threat actors, one that requires urgent attention that goes beyond routine compliance and factors in continuous monitoring of cyber threats and system checks that detect new vulnerabilities, says the Digital Threat Report 2024 prepared by SISA, a forensics-driven cybersecurity company, in collaboration with CERT-In (Indian Computer Emergency Response Team) and CSIRT-Fin (Computer Security Incident Response Team). This is the first such private sector-government report on the Banking, Financial Services and Insurance (BFSI) sector.
“Attacks in 2025 will not only be more sophisticated but also exponentially more evasive and pervasive. Threat actors are set to harness AI to craft highly customized assaults, leaving minimal trace as they operate at an unprecedented scale—powered by the same revolutionary technologies transforming industries globally. Add to that the looming quantum computing revolution capable of rendering today’s encryption obsolete, organizations face an evolving and complex reality. Preparing for these seismic shifts is no longer optional, it’s essential for survival,” says the report released in New Delhi last week.
“A cyber attack on a financial institution can have disastrous results and the losses can be exponential,” said information technology secretary S Krishnan at the launch, adding that the answer lies in anticipation and resilience. He also said the government has developed a wide range of capabilities, some of which could not be discussed in public, to deal with emerging threat actors.
Dharshan Shanthamurthy, CEO of SISA, said, “Cybersecurity resilience is built on collaboration. By integrating real-world threat intelligence, national cybersecurity insights, and financial sector incident response, this report delivers actionable intelligence that enables financial institutions to stay ahead of evolving threats. Our commitment extends beyond insights—we aim to fortify resilience in India’s BFSI sector and globally, driving a future where digital transactions are secure, seamless, and uncompromisingly protected.”
The observations were reinforced by Sanjay Bahl, DG of CERT-In, who said, “Cybersecurity is not just about protecting individual entities. It’s about securing an entire ecosystem. In today’s hyper-connected world, threats evolve faster than ever, making collaborative intelligence-sharing essential. This report is meant to empower financial institutions to stay ahead of adversaries, adapt to emerging risks, and build long-term cyber resilience. Initiatives like these reinforce India’s commitment to setting global benchmarks in financial cybersecurity, ensuring that as digital transactions grow, they remain secure, trusted, and resilient against future threats.”
By pooling the expertise and experience of government and private sector, the report points to important trends in cyber attacks. “In 2024, the sector witnessed a surge in the sophistication, scale, and diversity of cyberattacks, highlighting a rapidly evolving threat landscape. With the average cost of a data breach reaching an all-time high of $4.88 million globally—a 10% increase from 2023—and $2.18 million in India, the financial stakes have never been higher,” the report states.
The report predicts a rise in IoT (Internet of Things) attacks with compromised devices providing lateral movement across networks, a rise in deep fakes and AI-generated content that bypasses standard verification, use of malicious code in supply chain attacks, increased hacking of Large Language Models (LLMs), use of quantum computing to break encryption and exploitation of cryptocurrency wallets.
The mitigation steps the report recommends include strengthening hardware and automatic data wipes in case of tampering, better debugging interfaces, special attention to boot processes, continuous evaluation of device security and frequent hardware security audits. “Cloud exploits emerged as a critical entry point, exposing gaps in complex infrastructures and amplifying the financial and operational impacts of breaches. Meanwhile, supply chain attacks have evolved to exploit interconnectivity, breaching even the most fortified systems with persistent and adaptive tactics,” the report said.
AI’s ability to exploit identity vulnerabilities and bypass defences using “social engineering” techniques signals a troubling evolution in cyber tactics. “Deepfake technology, for instance, is enabling large-scale impersonation scams, including executive-level Business Email Compromise (BEC) attacks and misinformation campaigns. With India experiencing a higher than average rise in deepfake identity fraud, organizations face unprecedented challenges in preserving digital trust,” the report notes.
AI-powered tools are used to mine social media, scrape employee data, and craft highly personalized lures that bypass traditional security filters. “Pretexting, the art of creating false scenarios, plays a central role in these attacks, deceiving employees into transferring funds, sharing credentials, or altering account information under the guise of legitimate requests,” the report says.
The growing accessibility of “deepfake as a service” platforms further amplifies the effectiveness of these schemes, allowing adversaries to convincingly impersonate executives and bypass manual verification processes. Interestingly enough, the report said AI’s accessibility has “democratized cyber attacks,” enabling even smaller groups to launch impactful attacks. These AI-enhanced phishing attempts can mimic the tone, style, and branding of trusted entities with remarkable accuracy, making them more persuasive and harder to detect.
Cyberattacks are no longer confined to external breaches or malware infections, and their targets range from core financial application platforms and payment gateways to cloud infrastructure and customer-facing applications, the report said. In one case, attackers targeted the reward points system, inflating the value of 250 points from $50 to $50,000. “Attackers were able to deceive the system by crediting manipulated reward points to users’ mobile wallets. This credit served as a stepping stone for the next phase of the attack which was to transfer funds,” a case study showed.
In a ransom attack, a member of the notorious “RansomEXX ransomware group” gained access through vulnerabilities in the provider’s infrastructure, slipping past defences undetected. “Once inside, the attacker deleted critical database backups and deployed a custom ransomware variant called ‘cryptor’, encrypting critical files. The ransom note left behind was more than just a demand—it was a threat of double extortion, warning that sensitive client data would be leaked if the ransom wasn’t paid,” the report said.
A hacker demonstrated precise manipulation such as removing capacitors, fine-tuning glitch parameters, and avoiding crashes that could erase critical data. “Careful tuning of signal widths, wire lengths, and trigger points proved essential in hitting the microcontroller at exactly the right moment. After hours of meticulous attempts, the hacker successfully retrieved funds, demonstrating how microcontroller weaknesses in embedded devices can be exploited if not rigorously secured against fault attacks,” the report said, highlighting the expertise being displayed by cyber attackers.
The worldwide end-user spending on information security, said the report, is expected to reach US$212 billion by 2025, marking a 15.1% increase from 2024. “While this reflects the growing importance placed on cybersecurity, it also underscores a concerning trend: the more we spend, the more sophisticated and widespread attacks become. This paradox isn’t merely about advanced threat actors; it’s also about foundational cracks in how organizations approach cyber security.”