Deepfaking it: the new cybersecurity frontier

A few weeks ago, on a routine company video call, one of the tech groups decided to prank the boss and five of them turned up looking like him.

“It was very spooky. They used a publicity still of me and the person in the publicity still was blinking, moving his head, smiling, talking, saying things I don’t say, but it was me,” Andrew Bud, chief executive of biometric authentication provider iProov, recalls.

Over the past couple of years, deepfakes – manipulated videos or audio recordings that appear to show individuals doing or saying things they never did or said – have started to emerge. Most feature celebrities or political figures, with some created purely for amusement value and others vehicles for misinformation.

Deepfake threat to businesses

However, new types of deepfake have now entered the frame with the aim of committing fraud. Indeed, the use of deepfake video and audio technologies could become a major cyberthreat to businesses within the next couple of years, cyber-risk analytics firm CyberCube warns in a recent report.

“Imagine a scenario in which a video of Elon Musk giving insider trading tips goes viral, only it’s not the real Elon Musk. Or a politician announces a new policy in a video clip, but once again it’s not real,” says Darren Thomson, head of cybersecurity strategy at CyberCube.

“We’ve already seen these deepfake videos used in political campaigns; it’s only a matter of time before criminals apply the same technique to businesses and wealthy private individuals. It could be as simple as a faked voicemail from a senior manager instructing staff to make a fraudulent payment or move funds to an account set up by a hacker.”

In fact, such attacks are already starting to occur. In one high-profile example in 2019, fraudsters used voice-generating artificial intelligence software to fake a call from the chief executive of a German firm to his opposite number at a UK subsidiary. Fooled, the UK chief executive duly authorised a payment of $243,000 to the scammers.

“What we’re seeing is these kinds of attacks being used more and more. They’re not overly sophisticated, but the amount of money they’re trying to swindle is quite high,” says Bharat Mistry, technical director, UK and Ireland, at Trend Micro.

“I was with a customer in the UK and he was telling me he’d received a voicemail, and it was the chief information officer asking him to do something. Yet he knew the CIO of the organisation was on holiday and would never have phoned. There was no distinguishing factor, so you can see how clever it is.”

Attacks such as this follow the same pattern as traditional business email compromise scams, but with vastly more sophistication.

“We’ve seen all these cloud technologies, things like analytics, machine-learning and artificial intelligence, and deepfakes are just an extension of that technology, using the tech in an abusive manner,” says Mistry.

Source: Ranconteur

Read the Full Story Here