A
So I was actually just on an engagement where we had compromised a low privilege user and we discovered a share, a network share of files in the environment that all users had access to that contained every phone recording that had ever been had on a corporate phone device. And that immediately came to mind. I was like, this could absolutely be used to train models, additional models for AI voice cloning, lateral movement.
B
Welcome to another episode of Mandiant's Defender's Advantage podcast. I am your host, Luke McNamara. Joining me today, I have the pleasure of welcoming on Nick Cutilla, a consultant here in Mandiant Offensive Security Services, as well as Emily Astronova, associate consultant also with the same team. Nick, Emily, great to have you here today.
A
Thank you for having us.
C
Yep, glad to be here.
B
So we were just talking, I think right before we hit record, the Mandiant Offensive Security Services. These are the artists formerly known as the Red Teamers. There's... I don't want to limit you guys to just doing those things, but maybe we could start at the outset before we get into today's topic with you guys talking a little bit about, you know, what you do and kind of the role of your team. Nick, go ahead.
C
Yeah, so basically high level is that we perform assessments for our customers from the perspective of a malicious actor and that being one of a goal that's trying to cause them damage, exploit their products, their applications, their infrastructure, harm their customers, customer data, etc. And what our goal is, right, in emulating these actors is to better prepare the customer for those threats, identify gaps or misconfigurations that may have otherwise gone unnoticed, right, and actually exploited by that threat actor. So we actually used to even be called proactive security and that's the gist there, right, is we're being proactive about a lot of these potential threats and revealing them for the client, for the betterment of their posture. Emily, if you want to add some more to that.
A
No, I think you hit the nail on the head.
B
Excellent. Well, I'm excited to have this conversation. I think it's been a while since we've had anyone from the red teaming, pen testing offensive side on. And I think the topic though that we're going to talk about today is very timely with some of the things that are in the news and we're going to approach it, I think from two different angles. So the topic is around vishing, Nick, this is something that you've been involved in and doing some of these engagements specifically around this. And there's a blog that by the time this episode comes out you will have released on our site, we'll include in the show notes, but then the other piece. And Emily, this is a blog actually you wrote last summer, I believe back in July is also on the topic of vishing, but more specifically the utilization of AI through voice cloning to carry out those sorts of engagements. So we're going to look at this topic, I think from both of those angles. The application of AI, but then vishing as a general technique and hopefully what organizations can do to detect and better prepare against this. So maybe Nick, to start with you, maybe you could just give us a description of like what you would consider within what is considered vishing. What is it? Why do we have a lot of interest around it against kind of testing against this particular threat right now?
C
Yeah. So first I want to define the concept of social engineering as a whole. So just quick, what that is in simple terms is it's a way to convince a target, an unsuspecting target, or manipulate, right, that person into performing a certain action or divulging information. Right. That's high level kind of social engineering. Now vishing is kind of just one way to do it. There's other ways, physically being in front of that person, right, if you're confronting them in person, or maybe through some other technological means of a chat or a text message or email, things of that nature. But the reason why vishing is so effective in addition to these other methods is because in the current work culture and how our landscape is set up, we have so many different mechanisms of communicating with coworkers. And this is even more apparent in large organizations where you might have two individuals that work on completely opposite sides of the world and they do need a way to communicate. And as a result though, the kind of face to face relationships that you have with these people on a day to day basis aren't really the same. You're not really sharing coffee in the morning, talking about your personal lives and getting so close in that manner to everyone. I mean I'm sure it still exists on a small scale, people who work directly next to you, but there are always going to be individuals who do not. Right. And what vishing does is it allows an attacker to take advantage of this current setup and landscape of the remote work of contacting remote IT support and everyone getting essentially used to conversing with strangers in essence. Right. Even if it's a coworker, you might not have ever met them before. And that's kind of why vishing becomes so effective.
The other reason why it's such an effective attack vector is there's less control, and we'll talk about the things that organizations can do, but there's less control for security teams that are hired by organizations on people's personal devices if they're targeted. Right. And that kind of vector, and also this vector as a whole has gotten famous from infamous groups such as Scattered Spider. Our threat intelligence team tracks them as UNC3944 and they've utilized vishing as one of their main tactics in many different industries, targeting help desks and individuals. So it's kind of brought to light this vector and kind of why organizations should be taking it as a serious threat.
B
Yeah, I think of it as a trend. This was actually from last year's M-Trends report, not this year's. But something that I think still holds true is this sort of trend of evasion of detection and threat actors looking more creatively for ways to compromise organizations and get into the network that fall outside traditional security detection. So you mentioned like personal devices and the problem of if you have an employee who gets an info stealer on their personal device that they're also using for corporate work, you know, that activity, everything I just described there is taking place outside typically the security organization's visibility. And so vishing obviously being another technique that while phishing itself, traditional email based phishing, has been a threat for quite some time. There's processes around it, there's technologies to detect and prevent it, there's training. Vishing, I think seems to be a newer technique that while not dominant yet compared to some of these other things, is something that we are seeing more and more. You mentioned Scattered Spider back in the news being, you know, one sort of threat actor that has taken advantage of this.
C
Yeah. And I think just to add to that, vishing is also a very intimate form of interaction with the target. Right. When. When you're on the phone with somebody and speaking and there's intonation of your voice, there's sort of more of a believableness essentially of the person's character of their story, how they present themselves. It's very different from say an email or a text message where it's just a face value kind of item. There's nothing behind it. Right. Whereas when you're on the phone with somebody, it becomes a little more convincing and that this may be real, that they're contacting me directly in this manner. Right.
B
Describe a little bit about... Okay, so you're going into a red team engagement, pen testing engagement, and you're specifically going to employ this as a technique. Is this something that you scope with the customer beforehand and they say, okay, I would like for you to employ this as a technique? And then what does that kind of look like as you are planning out the engagement, kind of the preparatory stage?
C
Yeah. So I'd say all of our assessments for the most part are tailored to a customer's needs. They can get even more specific the more iterations that we work. Maybe the same client or clients that have a lot of experience in testing in general and they want us to look at specific things. But really what it comes down to is the scope of work. So if it's purely a social engineering project, we might define what we're social engineering. If it's employees, if, well, standard employees versus IT employees or a call center. And then we'll define what's in scope for that and if it's both or again, as we kind of were talking about a full scale red team and quick explanation of that being kind of the full gambit of an attack vector through externally facing infrastructure to internally facing infrastructure and then utilizing information gathered throughout the process to employ that with social engineering. So breaching a perimeter, gaining access to internal information and using that internal information that you might have otherwise not have had to better prepare the context or pretext for your voice campaigns. Right. So if you're able to gain information on technologies that are used, on conversations or issues that are existing IT support channels, things of that nature that maybe somebody who only is an employee would know, that can all better validate your pretext and how you approach social engineering. So overall it comes down to what the client wants and we basically want to give them the best emulation of what a real threat actor would do within the realm of what is legal for us. Right.
B
So I would imagine that a lot of this would be at the initial access stage where you'd be leveraging this particular technique. Although Emily, in your blog, we'll get to this in a second, but you noted, I think, some of the use cases where this certainly could be leveraged through other parts of the ATT&CK lifecycle, but maybe going to kind of where let's say you already have kind of scoped out what this engagement is going to look like. How might you approach, kind of walk us through some of the ways that you would employ vishing as part of that?
C
From the perspective of already being inside. Now, as I mentioned, you would try sourcing internal data. Right. If we're talking about Active Directory, that might be user account profiles and any kind of data that is part of that. So we're talking employee identification numbers, teams that they're part of, group memberships, ownership over specific things. Right. And then as well as coworkers and hierarchical structures, who's their manager, and all this information gathered to better present yourself if you're impersonating that employee to say an IT help desk where they might need any of the above information to validate you. Aside from that, if you've compromised a user's account already, you can converse over chat channels or phone calls through those means where you have access to that person's account and the person on the recipient end, if they've never had a direct conversation with that person before, they might not be familiar with your voice in general. And because you're coming from a legitimate corporate account, they have no reason to otherwise believe that you really aren't that individual. Now when we talk about, you mentioned the life cycle or just kind of thought process of how an attacker is operating through an organization, you're thinking of, okay, we're past the initial access point, but now how can we perform lateral movement? How can we do privilege escalation and maintain persistence, right? And then actually do our damage or exfiltrate our confidential data, what have you. Sometimes when you're inside, you might have compromised that of a low privileged user. But from that low privileged user, you could obtain information on a higher privileged user that you wouldn't have been able to source externally. Right? Because now you're on the inside, you have access to this internal information and then kind of cyclically go through that process, you call in to a help desk, you see how they're trying to identify this person.
And maybe you can't get so far as to reset both a password and their MFA. But if you're already inside, sometimes maybe just the password's enough, right. And they might have internal policies that maybe when you're in the inside, they don't require MFA. And just getting that password is enough. And again, cyclically going to that process, now you need this new user. What do they have access to? How can I better prepare another campaign where I call a help desk, or maybe they're a manager, then I call the employees below them, things like that. Emily, do you want to add some more to that?
A
Yeah, so I can actually talk about the red team that I'm on currently. So we started this red team last week and like you said, this is all very tailored depending on what the client wants. So we discussed all this upfront with them first and it's a full red team. So we were still required to do all of our open source intelligence gathering, all of our pretext creation, payload generation, all of that. And so essentially the way that it went was through our open source intelligence gathering, we discovered some DNS records for SSO for TeamViewer, which means that they were using TeamViewer Enterprise, at least at some point. We also enumerated employee information, mostly things like LinkedIn, and we actually sorted them by hire date to try and find some of the newest members that had been hired at this company. So the way that the pretext worked was we called up this individual, we were actually spoofing the phone number of their IT person and we coincidentally had picked a target that, A, was super new, but the person that we were stealing the phone number and identity of was remote and no one had ever seen or heard this individual. A lot of their communication is written and over Teams and the such. So we called her and we told her like, hey, we're having some issues on our end trying to log into your computer to install a patch through TeamViewer. So rather than immediately asking for her to, you know, log into the attacker portal or anything like that, we were just asking, can you please just see if TeamViewer opens? She verified with us that TeamViewer is opening. But again, kind of coincidence here, threw an error, so we're like, yeah, that's probably the issue. So we had her navigate to an attacker, our controlled portal, where we had her put in credentials for O365. We stole those, stole her session, and then we passed her on to actually downloading our payload and we got C2 check-in that way.
And like you said, and as we expected, this was a very low privilege user. So even once we're in the environment, we've actually got our callbacks and we're in control of a host and a user. Not a ton that we could do there. We did some enumeration of what was possible and through some ADCS misconfigurations, we actually escalated from that low privilege user to their domain admin in the first day.
B
So again, this is something obviously useful for initial access, but then also to kind of have that foothold that you build into the rest of the environment to move laterally when you employ it. And again, maybe this is based on sort of what the organization is looking for and how you tailor the engagement. But are you typically using this, would you say more at the initial access stage than lateral movement? Is it kind of both, do you do engagements where you try to do no more malware at all, just phishing, you know, social engineering, capturing credentials and trying to move that way. I'm trying to get a sense of kind of how this fits in with some of the other techniques that as red teamers, pen testers, you could employ in targeting an organization.
C
So, to answer the question on where we use it, right, I would say it definitely depends on where you're at in the project. So, let's say you do get an email phish and you're able to get a payload, or again, you could voice phish for initial access. It doesn't necessarily mean that voice phishing stops there, right? I can give you an example from a project where we had gotten in to a user's account through an email phish and it was a standard user. They didn't have any administrative access at all by any means. But what they did have access to was their chat application that they used to converse with coworkers, but also an IT channel where users would post issues that they had that we were currently facing. Using this standard employee that had access to this IT channel, we kind of monitored for anyone with existing issues. And once we saw a real IT person give them a thumbs up on their issue, we followed up on their profile, see if we can get their direct phone number that was linked to their profile, and then called those users individually, knowing their real IT issue and basically saying, hey, we're here to help. And we utilized this as a method of lateral movement from the initial user we compromised to additional users in the network. Right. And kind of again, everything is cyclical. So once we get to that next user, okay, now what do they have? When it comes to more of a direct privilege escalation example versus a lateral movement, I really wanted to stress, I guess, and I do a lot in the post, is the identification process and how it may be validating who on the phone actually is who they say they are. But also what are the controls around how employees are registering things like phone number, MFA and things of that nature. And I had an instance where we were able to exploit a flawed identification process at the business where they didn't require sufficient information or we would consider sufficient to validate the employee.
And as a result we were able to change a high level user's password through calling into the help desk. But even though we didn't have the ability at this point to reset MFA, we found an application that was single factor at the time because the real employee had never logged into it before. And because we were able to log into it, it wanted us to set up MFA. MFA was never set up, and we were able to register our own MFA device. So this allowed us from simply calling with again from a standard user having enough information on our target employee. After breaching the perimeter, we're able to convince the call center to reset the password and then set a new factor of MFA for this employee on an application that gave us administrative rights.
B
One of the things I was thinking hearing you talk about that is you really get a sense of, I guess, how an adversary could exploit identity and kind of the sort of structure around privilege and how identity works within a larger environment and how privilege is associated with that, how even things like multifactor authentication may or may not be enforced on certain applications. So when you think about that whole kind of chain of privilege or the sort of decision tree as you're moving through the network or accessing or trying to access different informations, you're essentially looking for ways that, that you can kind of break or exploit that identity chain.
C
Yeah. And in this particular example, we actually almost got so far as for them to provision us a virtual machine to this person's account so that we would be able to operate from a separate workstation from the actual hardware that they were provided. So definitely had this customer going through their identification process and essentially revamping that to account for this kind of issue.
B
So I think people should have a sense now at this point that this is a very powerful technique, both for initial access, lateral movement, other parts of the ATT&CK lifecycle. I want to pivot to this blog, Emily, that you wrote, Whose Voice Is It Anyway? Because this takes this concept of vishing and the utility and compromising an organization by employing it, but it adds on the component of AI and adds on the component of voice cloning. And I think it's a really fascinating blog. Again, both these blogs we'll include linked in the show notes here. But as we think about what new techniques we could see from threat actors and leveraging generative AI, to me, this is, I think, one of the most powerful examples I've seen where you essentially did a proof of concept that this technique could be employed leveraging AI and doing this type of activity that we've been talking about. So maybe talk us, walk us through this kind of project that you did and what you were setting out to achieve.
A
Yeah, so, you know, initially we didn't really set out with the explicit goal of like, we're going to use AI vishing for X, Y or Z. We actually had a client that presented us with a really challenging vishing scenario where they wanted us to vish someone on their security team. The individual they wanted us to vish was actually really good friends with our point of contact that we had been running the engagement with. So you know, this would be considered a spear vishing, vishing one specific person who, you know, we were going to impersonate our point of contact. Doing that where there's already some sort of pre-established trust was a really difficult thing to do. He knows what he sounds like and things like that. You know, I had seen some of these open source voice models being used for other things and I thought, how hard could this actually be to use as a red teamer? So we actually got permission from our point of contact to record their voice, train a model on it and call this security team member impersonating our point of contact. So we did this with the AI model that we trained and additionally to that we spoofed our point of contact's phone number. I clearly remember when the individual answered the phone with "hey boss." And that immediately put me into character. The pretext that we had had for that was they were experiencing some VPN outages. So we called as the security admin's boss saying, hey, I think we've got a temporary VPN client patch that we can test out to kind of get around this. We don't want to roll it out to everyone without testing it. Could I have you try and execute this for me? We had the security staff member navigate to our browser-in-the-middle framework where we harvested credentials from them, had them download this fake VPN patch and they had actually had some initial troubles running it and we had to walk them through bypassing like the SmartScreen prompts and some Mark of the Web stuff.
And I mean throughout the whole call, just no suspicion at all that this was AI in any way. All this is real time. I'm on the other end of the call and sure enough we got our payload deployed and rest is history. We've been doing that regularly for clients ever since.
B
I was going to ask you, was this prior to you mentioned this story in the blog, but the now infamous Hong Kong essentially I think it was like a BEC type incident. But was this prior to that event where you're like, oh, you saw that? You're like okay, could we emulate that? Or was this after that? That had been kind of talked about as a technique.
A
I believe that this was just before the Hong Kong incident. I want to say that happened in February and we had done this in December. So, you know, we did our engagement. I was in the middle of writing the blog post and then the Hong Kong incident happened. I was like, this is about to get really big.
B
And how much data did it require to train the voice model? I mean, in terms of number, roughly like, you know, number of hours of recordings to emulate this individual's voice.
A
Yeah. So actually that's one of the things that kind of surprised me about this attack vector is we only needed 10 minutes of audio data. And I mean, this is just audio data through a normal microphone during a meeting. 10 minutes of audio data and several hours of training was enough to create a really convincing voice model.
B
And then I think one of the things that, what stood out to me that I found interesting about that, and it gets kind of back to what we were talking about earlier about using vishing both as initial access but also lateral movement, is I can't remember if you use this in the engagement or just mentioned the feasibility of it, but being able to gain... Once you're inside the environment, you find recordings of, you know, a Teams call, you have now recordings of an individual who's internal. And so you think it's obviously easier if you have, you know, someone's executive, their CEO is on Bloomberg or financial media. There's tons of recordings out there, although it sounds like you don't need much. But what if you have an admin you don't have public recordings of, but now you can gain access to an environment and you find their voice on a call, a conference call internally and then you can train that model again and continue carrying out this technique.
A
So I was actually just on an engagement where we had compromised a low privilege user and we discovered a share, a network share of files in the environment that all users had access to. And it contained every phone recording that had ever been had on a corporate phone device. And that immediately came to mind. I was like, this could absolutely be used to train models, additional models for AI voice cloning, lateral movement.
B
So given that you have a lot of different skill sets in your toolbox when you're thinking about approaching compromising an organization, escalating privileges, moving laterally, doing the entire life cycle, and that this is now one that I think in particular you guys have been leveraging, how do you think about the utility of it? So there's certainly a feasibility that I think you've shown and demonstrated. But is this something that, absent any customer direction, is it something that you would use sparingly? Is it something you do find pretty effective in specific use cases? I don't know if that makes sense. But in terms of utility of a technique, how do you find that it's played out in some of these engagements?
A
So without any client guidance, it's certainly harder. We have to lean on our open source intelligence that we're able to gather. I was actually on an AI voice cloning engagement where the client wouldn't give us any kind of data that would help us with our engagement, including any of the voice data. The person they wanted us to impersonate was actually the, the CI, I believe the CISO of their company. They had given talks, plenty, plenty of talks. And we were able to create a voice model of them just from data on YouTube, you know, that takes several hours. And through that we were actually able to get initial access by doing that, finding out the individuals that directly worked for that person and giving them a phone call and saying that, I believe that pretext was there was an urgent need for X, Y or Z and it needed to be done now. And the individual actually panicked. And I had not realized that they weren't at work that day. They had actually had the day off. But they opened up their laptop quickly, logged on and they tested. I think it was some kind of firewall isn't working pretext or that it was blocking something I absolutely needed to get to and we were able to get a payload that way. So certainly harder, but I think still a really valid utility to have.
B
And I think that's an. It's an interesting question. You think about looking forward this as a technique, both vishing, I would say writ large, but then also using voice cloning for it, where you're trying to emulate a specific person's voice. It will be interesting to see how prolific of a technique this will be leveraged by threat actors. I think certainly there are going to be. Well, there already are threat actors that are doing this, but is this something that is going to become more widespread and so maybe kind of tying all this together for both of you. You've both done a lot of engagements that have involved vishing either voice cloning or not. What have been some of the things that have thwarted you? What have been some of the things that if you were to say, okay, if you're an organization, you hear all this, it sounds very scary that they should be kind of focused on in terms of putting things in place from a policy standpoint, detection standpoint maybe what are some of the advice you would give on the defensive side that would make your guys jobs harder?
C
Yeah. So I would start out by saying, admittingly, every organization is different, right? There's different reasons why there are certain controls in place, maybe more lenient in certain cases versus others. And that's one of those things where when we're working with a customer, you get on more of that intimate level where they can kind of explain to us, okay, this is why we have this the way it is. But for kind of like general best practices that every organization can try to apply and stuff that stop me directly is the biggest one enforcement of MFA as a whole. Right. So if even if we're able to convince for a password reset for externally facing infrastructure, if you have enforced MFA and proper conditional access policies that don't get around MFA in any way, that would prevent further exploitation of an account, right. Where you can get a password reset. Now, when it comes to the resetting of other items such as MFA directly or even let's say a factor that's used to identify a person, let's say they verify you via a text message and it goes to a specific phone number or an email, right? To prevent resetting of any sort of verification procedure, one of the biggest things that has stopped me, and I recommend it to all my clients, is getting that individual's manager involved directly for that process, or have that individual come on a phone call, video chat, whether it be Google, Meet teams, Zoom, any application that that organization utilizes and verify them with a either government issued ID or employee id. And for past resets, MF resets or any kind of reset. Additionally CC the manager when that happens. So make sure that they're aware you get that third party involvement in that change. This way if the real employee is affected, they'll know immediately as well and you can kind of close down on any sort of issue. 
Now for mfa, that's going to vary again, client to client, who's allowed to have what kind of mfa, whether, how expensive is it going to be if you want to provide everybody with physical MFA versus kind of an application on your phone, if you're allowed to put an application on that user's phone, all kinds of things like that. But that has been alone one of the best technical controls. Now in addition to that, some common attacks that we would do is we try to reset the MFA first and then go for the MFA for the passion reset. So other other kind of techniques is utilizing your ticketing systems for kind of more of alerts around, okay, was there a passage reset and then an MFA reset or an MFA reset and then a passage reset. And kind of drawing some correlation between these, these changes in the environment that should raise a lot of flags by security. Hey, why are we fully changing this person's account on such short notice? And then again, it always comes back to and why this attack vector is successful is you're preying on the individual, whereas it's a less technical control. You can't really have full control over a person, but you can train them to identify suspicious activity, to reach out through other means to verify that the person you're talking to really is that person. And if you can't verify them again, their manager or another individual who could do that on their behalf. That would be like kind of a general recommendation that I would say, yeah,
A
And just to hop in, something that's stopped me plenty of times. And this all comes down to employee training is as attackers, we can spoof the phone number that's showing up on your phone when we call, but if you call back, of course it's going to go to the, the actual intended individual, not back to us, the attacker. So as a victim receiving a call where something very urgent is being asked of you, or maybe if something's too good to be true, a very simple way to kind of avoid a situation like this is to say, hey, can I call you back real quick? And that call is going to go back to the legitimate person that we were impersonating. The same thing kind of goes for email. You know, if we hijack an email relay, we might be able to send you a message, but if you respond to it, it is going to go to the person, the genuine legitimate person. So those are really easy ways to just kind of work that into your employee training. Other things that I've seen are if there's any kind of suspicion that maybe communication as a whole has been breached. Having dedicated out-of-band communication that everyone is aware of to use ahead of time, of course, not post breach ideally. And then for AI specific recommendations as this gets more prolific. I've even seen organizations start to use, as ridiculous as it sounds, code words that rotate on a daily basis. You know, for your high ranking executives, for your people that are able to make very damaging changes to your organization.
B
Yeah, I've certainly heard that become more common as well, sort of again, the concept of putting additional security around people with more privilege or you know, ones you want to secure more closely. Curious as we close here, any thoughts on where as a technique, we are going to see this go again on the adversary side, whether it is just, you know, normal vishing or AI enabled. Is this something that you think we're going to see more of as some of these other avenues to compromise organizations maybe become more secure? I mean, we continue to see phishing drop, I think, year over year in M-Trends. I think that probably in part is pointed to better detections and processes to prevent that as an avenue. But is this something that you think we're going to see more and more of?
C
Yeah, I'd say for sure. I don't think phishing as a whole is going away anytime soon. Especially the more we rely on all of these different methods of remote interaction. Right. It's just, it's par for the course of how a lot of these technologies even work now. Again, there's all of these strategies you could put into play and processes that you can really refine to better protect the organization. As mentioned earlier in our talk, there's the whole realm of the personal device and the personal computer and that world that a company really doesn't have a lot of direct control over. And it's a path for attack. Now, in addition to voice, I know even the video AI has been getting a lot better and I've heard tons of stories of fake, even Zoom calls, right. Or fake Teams calls or video where they try to utilize AI to not only impersonate a person's voice, but the way they look. I think that all of these are kind of innovations for the future from an attack perspective. But at the same token, in time you can utilize AI maybe to better identify the real people and kind of have alerts in that respect. Maybe you have voice recordings of your employees where AI can compare them to someone trying to impersonate it and things of that nature. I think there's a lot of innovation on the defensive side as well where you can utilize AI in that way. To say that the attack vector would be going away, I don't think would be true.
A
Yeah, it's like I said earlier, it was kind of shocking to me how low the barrier to entry for this attack vector already is. I mean, you've got people using this in video games just to sound like celebrities or like characters from TV shows that people like. I've seen people impersonating YouTubers, people making fake videos of US presidents. So this is all being done on consumer hardware with open source models. The barrier to entry is already super low for voice at least. I don't see why that you know, trend wouldn't continue and video starts to become more accessible as well. As a matter of fact, I think the FBI just released a notice a few days ago that they're starting to see people impersonate senior U.S. officials. And I know I've seen a few more reports about this happening more in the financial sector.
B
Well, that's certainly a, you know, anytime you're covering some of the cyber trends, especially in the cutting edge, some of the scarier content to talk about. But I think, you know, hopefully folks get a sense of, I think the creativity with which your team in the Mandiant Offensive Security Services approaches this. And I think, you know, doing these sorts of engagements that you do for customers really does help them kind of harden and increase the prevention of these potential threats. So thank you both for sharing your insights today. We'll have to have you back on again sometime soon and see how the landscape has progressed around this particular trend. I think it is, it is really fascinating, as scary as it is, but a lot of good insights here. So, Nick, Emily, thank you both for joining today.
A
Thank you so much for having me.
C
Thank you.
Host: Luke McNamara (Mandiant / Google Threat Intelligence Group)
Guests: Nick Cutilla (Consultant, Mandiant Offensive Security Services), Emily Astronova (Associate Consultant, Mandiant Offensive Security Services)
Date: June 4, 2025
This episode tackles the evolving cybersecurity threat of vishing (voice phishing), with deep dives into both traditional and AI-powered voice-cloning attacks. Host Luke McNamara speaks with red teamers Nick Cutilla and Emily Astronova about their hands-on experiences, real-world red team engagements, insights from recent attacks, and practical defensive measures. The team also examines the future of vishing as AI models rapidly lower the barriers for sophisticated voice impersonation.
Quote:
"When you're on the phone with somebody and speaking and there's intonation... there’s more of a believableness... it becomes a little more convincing." – Nick (07:14)
Quote:
"We followed up on their profile, see if we can get their direct phone number that was linked ... and then called those users individually knowing their real IT issue..." – Nick (15:57)
Quote:
"All this is real time. I'm on the other end of the call and sure enough we got our payload deployed and rest is history." – Emily (22:32)
Quote:
"I was like, this could absolutely be used to train models for AI voice cloning, lateral movement." – Emily (25:14)
Quote:
"The biggest one: enforcement of MFA as a whole ... getting that individual's manager involved directly for that process..." – Nick (28:31)
Quote:
"As attackers, we can spoof the phone number ... but if you call back, it’s going to go to the actual intended individual—not back to us, the attacker." – Emily (32:03)
Quote:
"I don't think phishing as a whole is going away anytime soon. Especially the more we rely on these methods of remote interaction." – Nick (34:17)
Quote:
"The barrier to entry is already super low for voice at least ... and video starts to become more accessible as well." – Emily (35:51)
| Time | Segment / Topic |
|-------------|------------------------------------------------|
| 01:27–02:15 | Red Teaming: Role & Philosophy |
| 03:37–07:14 | Definition and Effectiveness of Vishing |
| 08:15–12:51 | Scoping and Examples of Vishing in Engagements |
| 12:51–15:18 | Detailed Case Study: Vishing to Domain Admin |
| 15:57–19:32 | Lateral Movement & Identity Exploits |
| 20:54–23:15 | AI Voice Cloning: Real Attack Example |
| 24:05–25:14 | Voice Model Training, Internal Audio Sources |
| 25:41–28:31 | AI Utility, Sourcing Public Data |
| 28:31–33:09 | Defensive Strategies: MFA, Verification, Training |
| 34:17–36:41 | The Future: Proliferation & AI-powered Attacks |
The episode delivers a rich, practical look at how vishing—both traditional and AI-enhanced—enables attackers to bypass defenses, exploit human trust, and move laterally within organizations. With the rising prevalence and low barrier to sophisticated voice cloning, the hosts underscore the urgent need for layered defenses, robust training, and creative policy controls. The arms race between attackers leveraging AI, and defenders deploying both technical and procedural safeguards, is only just beginning.
Recommended action: