When Seeing Isn’t Believing: Deepfakes in Cybercrime

Let’s delve into a potent force getting out of hand: deepfake technology. At first a novelty for entertainment, deepfakes have rapidly evolved into a formidable tool in the hands of cybercriminals, posing serious risks to businesses and society at large.

Research conducted by ISMS.online (State of Information Security) suggests that deepfakes are already the US's second most common Cybersecurity Incident.

In this article we explore the mechanics of deepfake attacks, their growing prevalence, their impact on organisations, and strategies to counter this rising menace.

The Mechanics of Deepfake Attacks

Deepfake technology leverages artificial intelligence to create convincing audio and video fabrications of individuals. These synthetic media pieces can be utilized in malicious activities, such as impersonating executives to manipulate stock prices or gain unauthorized access to sensitive information. One common scenario involves Business Email Compromise (BEC) attacks, where deepfakes of CEOs or other high-ranking officials are used to trick employees into transferring funds or disclosing confidential data (CISA) (SecurityWeek).

One 2023 case study involved attackers using deepfake audio and video to impersonate a company's CEO, successfully convincing a product manager to release proprietary information (SecurityWeek).

Another striking example is British engineering firm Arup who fell victim to a $25 million deepfake scam in early 2024. Cybercriminals used a deepfake video to impersonate a senior executive, convincing an employee to transfer funds. The deception was so convincing that it overcame employees suspicions (9News) (Tech Monitor).

This illustrates the effectiveness and danger of deepfake technology in social engineering attacks.

Growing Prevalence and Advancing Tools

The availability of advanced, yet accessible deepfake tools has made it easier for cybercriminals to perpetrate these attacks. Free and freemium apps like SwapFace and DeepFaceLive enable even non-technical individuals to create believable deepfakes (SC Media). The use of these tools has skyrocketed, with a 704% increase in attacks on biometric and video identification systems reported in 2023 (SC Media).

Moreover, threat actors continuously share techniques and tools, enhancing their capabilities. The number of groups exchanging information about deepfake attacks nearly doubled between 2022 and 2023, highlighting the growing sophistication and collaboration among cybercriminals (SC Media).

Impact on Businesses and Society

The implications of deepfake technology extend beyond immediate financial losses for example Deepfakes can be used for market manipulation, where fabricated statements from executives lead to stock price fluctuations, benefiting those who trade on the false information (SecurityWeek). Deepfakes can alter public opinion with consequences for elections and social stability, contributing to an erosion of trust in digital communications.

Countermeasures and Recommendations

To combat the threat of deepfakes, businesses and security teams should implement proactive detection and prevention strategies, and may wish to consider:

• Security strategy and policies: Evolving security strategy with key stakeholders so that relevant risk management, policies, and procedures are in place.
• Training and Awareness: Educating employees about the risks of deepfakes and training them to recognize potential threats. This includes conducting executive tabletop exercises to prepare for potential deepfake incidents (SecurityWeek).
• Authentication Measures: Enhancing identity verification processes such as using multi-factor authentication and ensuring that biometric systems are robust against digital injection attacks (SC Media) (SecurityWeek).
• Clarify verification protocols: ?Examining payment and business-critical asset (such as IP) transactions are managed in practice to verify policies are being followed.
• Technological Solutions: Employing advanced detection algorithms that analyze biological signals, phoneme-viseme mismatches, and inconsistencies in video frames (SecurityWeek).

?

The Road Ahead

As deepfake technology continues to gain pace, so must the defenses against it. The rapid improvement of deepfake creation tools outpaces current detection capabilities, making ongoing innovation and vigilance crucial. Organizations are encouraged to adopt a strategic approach and incorporate comprehensive security measures to mitigate the risks posed by deepfakes.

By staying informed and proactive, businesses can better protect themselves from the deceptive power of synthetic media.

Are you concerned by the challenge modern threats pose to your business, feel free to drop me a line for a chat.

_____________________________________________

Enjoy reading this edition?

Consider subscribing to the Bright Insights Newsletter for weekly cybersecurity updates and insights:

https://www.dhirubhai.net/build-relation/newsletter-follow?entityUrn=6978673051278135296