According to Seqrite’s Predictions 2020 Cyberthreats report, deepfakes in the use of cyber-frauds are considered to be one of the biggest threats for 2020.
The term itself is a combination of the words ‘deep learning’ and ‘fake.’ In an era of mega proliferation of fake news, deepfakes are hybrid software products developed especially to engage in cybercrimes. They refer to videos which have been manipulated by artificial intelligence to present fake information — deep learning neural networks manipulate video (faces) and audio (voice) to alter content used as bait for consumers.
The Mark Zuckerberg deepfake
Perhaps the biggest example of a deepfake was the Mark Zuckerberg video created by two artists uploaded on Instagram. In the video, the founder of Facebook is shown to be talking about the social media giant’s power. However, what caused real concern worldwide was that the fake video looked extremely natural. Experts worried that had the video not been pointed out as a deepfake, it would have easily been passed off as real.
The creators of the Mark Zuckerberg deepfake also created similar videos of other popular celebrities to demonstrate the huge power of this technology. Another deepfake video of Barack Obama created by BuzzFeed also went viral, showing the former US President using profanity and warning viewers to not trust anything they see on the internet.
When it comes to enterprise security teams, deepfakes pose significant concerns — for malicious attackers looking to gain access to secure systems and steal data, deepfakes serve as a potent weapon to gain employee trust and could be used in a variety of cyber-frauds. In a recent case, the CEO of a UK firm believed he was talking to his boss who asked him to transfer $243,000 to a supplier. However, this was a fraudulent call – AI-based software had impersonated the CEO’s boss and hence the CEO was tricked.
A classic form of social engineering
Does the above example sound familiar? If it does it’s because deepfakes are an advanced form of social engineering where attackers trick employees into revealing confidential data. Since deepfakes are extremely convincing, they could be easily used to perform the following kinds of cyber-frauds:
Business Email Compromise (BEC) attacks
As the above example showed, deepfakes could be used as a much more persuasive tool in Business Email Compromise (BEC) attacks. Employees could be easily tricked by deepfake videos — senior leadership providing specific instructions would certainly ensure that employees don’t think twice about any measures they are asked to carry out.
As it is difficult to ascertain deepfakes from real ones, enterprises must be extremely vigilant about deepfakes being used for phishing. An attacker could conceivably use a deepfake to make phishing attempts seem more plausible.
Deepfakes can cause trouble for systems which require facial recognition. Hence it could be used for imposter scams where criminals pretend to be someone else to try and gain information.
As one of the most important trends of this year, deepfakes are likely to see a rise in usage by malicious elements to supersede security protocols. Enterprises must stay extremely vigilant and continue educating employees about this dangerous technology by providing extensive training on how to spot, avoid and report deepfakes.