Intercast May 2025 – Synthetic Candidates
Welcome to the May 2025 edition of Intercast’s monthly newsletter for cybersecurity professionals. As always, we’ll share the latest news and views to bring you up to speed.
In This Issue:
- Client Insight: Synthetic Candidates
- Quantum Threats Looming Say Cyber Chiefs
- Spanish Power Grid Outage: Cyberattack Unlikely
- GPTs Weaponised As Cybercrime Tools
- Employee Monitoring Tool Exposed Millions Of Screenshots
- Best of the Rest
Client Insight: Synthetic Candidates
This month, we can’t stop thinking about multiple reports of “synthetic candidates”: AI-generated fake candidates that don’t just provide a fictional resume but could even bluff their way through video interviews using deepfake technology.
Ironically, it’s a classic case of one of the key definitions of risk: the likelihood of a negative event happening multiplied by the damage such an event would do. It’s possible the chances of a deepfake candidate getting through a video interview are actually very low. However, the damage from a bogus candidate getting a security role can be immense. We’ve covered several stories in recent months of remote security workers turning out to be malicious actors based in North Korea.
The big lesson is that security hiring needs to be more than a tickbox exercise. Asking candidates competency-based questions about how they’ve tackled and solved specific issues is just as important as filtering them with checklists for past employment or qualifications. Seeing the individual rather than the resume has always been a smart way of getting the right person for the right job, but now it might be a security benefit as well.
Quantum Threats Looming Say Cyber Chiefs
The UK’s National Cyber Security Centre says the quantum threat to encryption means organizations have a decade at most to transform their policies. It puts a specific timescale on a much-discussed issue.
It’s based on the idea that the speed and parallel processing abilities of quantum computing will remove key practical limitations on brute-force attacks and algorithm cracking. The industry has known for some time that alternatives to public key cryptography will eventually be a must, but it was a matter of debate when we’d reach the point some have already dubbed ‘Y2Q’.
The UK agency has now formally suggested a deadline of 2028 for assessment and planning, 2031 for moving top priority systems to “post-quantum cryptography” and 2035 for moving all systems.
Spanish Power Grid Outage: Cyberattack Unlikely
Following a power grid shutdown that left people in Spain and Portugal without electricity for nearly a day, speculation quickly turned to whether a cyberattack was responsible. A lack of official information about the shutdown, plus an apparent absence of communication between Spanish and Portuguese officials, meant it was hard to tell if there was something to the speculation or if a conspiracy theory was simply filling an information vacuum.
Security researcher Ruben Santamarta wrote a great LinkedIn post exploring the question by breaking down exactly what such an attack would involve. He concluded that it would require such a sophisticated operation that it would only make sense as part of a full-blown state-backed operation, likely the first step in an even more dramatic campaign.
Santamarta’s conclusion was both reassuring and concerning, depending on your viewpoint. He noted that it was highly unlikely foul play was to blame, but if it was, a short blackout is probably the least of our worries.
GPTs Weaponised As Cybercrime Tools
Modified AI large language models designed for producing malware are the latest cybercrime tool for sale in less official online markets. Some of their powers may be overhyped by shady salesmen, but it’s a reminder of the importance of guardrails on evolving tech.
Check Point produced a report on the topic looking into products such as WormGPT, GhostGPT, DarkGPT and other titles with a similar lack of subtlety. It noted two main approaches. The first was taking existing proprietary tools and installing jailbreaks to overcome built-in protections against misusing the tools to generate malicious code or material for phishing operations. The second was to take open source models and change the functionality.
The report also noted some malicious actors were finding more creative ways to abuse legitimate AI tools. This includes inserting malware into the data used to train AI models, and even creating bogus news sites specifically designed to be scanned by large language models, thus making them spread political disinformation.
Employee Monitoring Tool Exposed Millions Of Screenshots
Reporters say they found 21 million screenshots of worker computers open to view online. The images came from employee monitoring tool WorkComposer.
The tool is designed to track activity (and potential policy violations or security risks) by taking screenshots as often as every 20 seconds. However, Cybernews discovered the screenshots were in an unsecured Amazon S3 bucket.
The reporters were understandably reluctant to share specifics of what they saw, but it appears the “bucket” was filled with the latest images from the software, effectively giving a near real-time insight into the workers’ activity.
Cybernews says it contacted WorkComposer and the security breach was rectified. However, the incident may have posed a significant security risk to customers, as well as creating serious problems under data protection laws.
Best of the Rest
Here’s our round up of what else you need to know:
- Zero Day Exploits Drop Thanks To Better Software Development Practices: https://www.cybersecuritydive.com/news/zero-day-exploits-google-report-vulnerabilities-enterprise/746556/
- Politicians’ Personal Data Found Online: https://www.computing.co.uk/news/2025/security/us-politicians-sensitive-data-discovered-online
- Ransomware ‘Could Survive Without Cryptocurrency’: https://www.darkreading.com/cyber-risk/ransomware-would-adapt-without-cryptocurrency
- ‘Sim Farms’ To Become Illegal: https://www.infosecurity-magazine.com/news/government-ban-sim-farms-european/