Corporate executives are facing a rise in impersonation-based cyberattacks aimed at gaining access to their home networks and putting them and their families at risk of personal harm, security researchers and other experts warn.
The increase in threat activity is connected to the growing sophistication of voice-cloning and deepfake technology, which allows attackers to send out fake videos and messages claiming to be from trusted contacts, such as senior executives at the targets’ companies. After breaching their targets, the attackers use their privileged access to further dupe the victims’ colleagues and engage in corporate espionage or extortion.
The rise in impersonation attacks against executives comes as the fatal shooting of United Healthcare CEO Brian Thompson in 2024 heightens business leaders’ fears for their personal safety and that of their families.
In a Ponemon Institute survey sponsored by BlackCloak, a security firm specializing in digital protection, slightly more than half of security professionals said hackers personally targeted an executive at their organization this year, up from 43% two years ago.
Approximately 40% respondents said an executive was targeted in a deepfake attack this year, up from about one-third in 2023. The study shows that the impersonation of trusted contacts is a common attack vector, with hackers requesting payments or confidential information under the guise of a security incident.
“As AI technology advances, attackers are shifting their focus from technical exploits to human emotions using deeply personal and well-orchestrated social engineering tactics,” Chris Pierson, founder and CEO of BlackCloak, said via email.
Hackers are increasingly creating fake video or audio files of executives or their family members and using those techniques to steal money or trick targets into releasing sensitive data or taking other actions that could compromise their company, Pierson said.
Attackers are also stepping up their targeting of executives’ home networks, as many business leaders either work remotely or frequently access their corporate networks from home.
“When we look at the intelligence landscape involving the protection of high-net-worth individuals, protecting them, their families and their assets is challenging to say the least,” Anthony Carter, senior adviser at the corporate advisory firm AlphaMile, said at a May 15 conference sponsored by the Digital Evolution Institute.
Forty-one percent of the 5.5 million high-net-worth individuals in the U.S. reported being the victim of a digital or physical crime, Carter said.
Cyberattacks on executives have grown in the aftermath of Thompson’s killing, according to security firm Flashpoint. In April, researchers identified a website called “Luigi was right” that contained detailed personal and business information about executives at roughly 1,000 companies.
The site appeared to go offline on May 29, but a new site called the CEO Database appeared later that same day. That website contained even more information, including phone numbers and LinkedIn account information.
Attackers likely developed the websites to cultivate support and interest in the ongoing anti-executive movement in the U.S., Flashpoint researchers told Cybersecurity Dive. And given their wealth of data, the sites could help hackers acquire additional information about these executives.
“Based on the likelihood that personal contact information was present on these websites, threat actors could use the provided information to conduct additional searches on open source platforms or paid data aggregator sites and potentially gain access to additional PII such as residential addresses,” said the researchers, who asked not to be identified due to safety concerns associated with their work.
