Behind the Scenes: Q&A with iProov's Threat Intelligence Experts
Hear directly from the security leaders who track the evolving threat landscape. Andrew Newell (Chief Scientific Officer) and Matt Welch (Head of iSOC) share their firsthand experiences and unique perspectives on the trends documented in our comprehensive 2025 Threat Intelligence Report.
While you may be familiar with the report's findings – such as native virtual camera attacks increasing by 2,665% and face swap attacks surging 300% – this Q&A offers a glimpse into how our security leaders interpret these trends and what keeps them vigilant in the fight against identity fraud.
"Flawless Deepfakes": Our Experts on AI Threat Evolution
Q: How have you seen the sophistication of deepfakes develop over the last 24 months?
Andrew Newell: "Previously observable flaws – like unnatural eye movements or inconsistencies during complex actions – have largely disappeared. Today's face swap technology is so advanced that deepfakes remain flawless when someone performs complex actions like removing glasses. For short videos of basic actions, it's now virtually impossible for the human eye to detect synthetic content*."
*This claim is corroborated by the Alan Turing Institute: “we have reached the inflection point where humans are unable to meaningfully distinguish between AI-generated versus human-created digital content.”
New Alert: Image-to-Video Conversion Attacks
Q: Can you explain the image-to-video conversion attacks your team has identified?
Andrew Newell: "This technique transforms static images into convincing video content that poses substantial challenges for remote identity verification systems.
What makes this technique particularly dangerous is its simplicity. It's a two-step process: threat actors obtain or create a synthetic face image, then use image-to-video conversion tools to animate it with fluid motion that closely mimics genuine video content. These tools can animate imagery in ways that look incredibly lifelike, making them especially effective against systems using active challenge-response mechanisms."
Native Virtual Camera Attacks: A Primary Threat
Q: The report mentions a 2,665% increase in native virtual camera attacks. Why are these so significant?
Andrew Newell: "Native virtual camera attacks represent one of the most significant developments in the threat landscape. These applications run directly on mobile devices and allow attackers to inject pre-recorded or synthetic video into the verification stream. What makes these particularly concerning is that many don't require the device to be rooted or jailbroken, making many traditional cybersecurity measures ineffective. We even discovered a malicious camera app in a mainstream app store, highlighting how accessible these attack tools have become."
Inside Criminal Networks: The Growth of Attack-as-a-Service
Q: How have attack-as-a-service communities evolved in the past year?
Matt Welch: "We've identified 31 additional online threat actor groups in 2024, bringing the total ecosystem to nearly 35,000 users. What's particularly interesting is that 68% of these users are in groups that sell their own tools. These groups are increasingly sophisticated, with nine having over 1,500 users and the largest reaching 6,400 members.
They're now offering comprehensive solutions instead of just selling software – creating models from provided imagery or complete account creation services. Another concerning trend is the increasing cross-regional collaboration, with groups previously isolated by language or geography now sharing information and trading resources."
Recently Discovered: "ID Farming" Operations
Q: You mentioned a recently discovered "ID farming" operation. How do these work?
Matt Welch: "At the end of last year, our iProov Security Operations Center (iSOC) team uncovered a dark web group that had amassed a significant collection of genuine identity documents and facial images specifically designed to bypass KYC processes. What's particularly concerning is that individuals willingly provided these identities in exchange for payment. This operation was initially identified in Latin America but is now linked to European fraud networks. This combination of legitimate documents with synthetic faces creates a particularly dangerous attack vector."
Multiple Attack Vectors
Q: The report mentions over 100,000 possible attack vectors. How is this possible?
Andrew Newell: "The complexity extends far beyond individual tools. We're tracking 127 distinct face swap applications, over 10 emulator technologies, and 91 virtual camera tools. When combined, they create 115,570 potential attack combinations. This has significant implications for security testing – conventional assessments simply cannot adequately capture this complexity."
Why Face Swaps Remain Dominant
Q: Why are face swaps the preferred deepfake method for attackers despite all the technological advances?
Andrew Newell: "Face swaps give threat actors maximum control. They can maintain all the non-identity cues like motion, hair, and background environment while replacing just the facial identity. What's particularly concerning is that the number of face swap tools has increased over the past year, and threat actors can cycle through different tools until they find one that works against a particular system."
Recommended Actions
Q: What is the most important action organizations should take based on this report?
Andrew Newell: "Traditional security approaches alone are no longer sufficient – especially with tools like native virtual cameras that don't require rooted devices. We recommend a multi-layered approach that combines the best practices in cybersecurity with sophisticated biometric liveness systems. Success requires a commitment to constant security evolution backed by managed detection and response (MDR)."
Watch the Threat Intel Webinar
Andrew and Matt discussed these findings in great detail last month, providing actionable insights for protecting your organization.
Download the Full Report
Download our full Threat Intelligence Report 2025 for a comprehensive analysis that includes our recommendations on defending against these threats.
Demo
Ready to explore how iProov's biometric verification can protect your organization? Our team of experts is here to help.
Best regards,
The iProov Team