Guide Types of Attacks

Here is why the threat of deepfake might be scarier than you think   

Here is why the threat of deepfake might be scarier than you think  

Our face is a unique part of our identity. Threat actors count on that. The word ‘deepfake’ isn’t a thing of the future anymore. It is right there, knocking at the door of businesses, but the question is whether it is answered with awareness and the right expertise.  

Let us explore.

2023 saw a whopping increase in loss for businesses with the Federal Trade Commission alone reporting losing more than $1 million in identity theft. With the increased weaponization of AI and Machine Learning tools, this number is more likely to grow.  

After social engineering and phishing, deepfakes are the next on the list of favorites for the cyber criminals of the evolving threat world.  

Businesses are in for a greater challenge than before having to form serious security measures that can authenticate the synthetic and fake against the human and genuine/  

But first, 

What is Deepfake? 

Deepfake is the result of Deep Learning being used to recreate fake images, videos, and audio based on the input. The increased development in AI and LLM or Large Language Models have caused deepfakes to seem so realistic that it has become a challenge for humans to spot genuine from fake.  

What is a deepfake attack? 

A deepfake attack is when a cybercriminal engages in cyber attacks, typically social engineering attacks by leveraging AI-based deepfake tools that are designed for high-level manipulation.  

A typical Deepfake-based phishing involves an attacker impersonating the voice, image, or video replication of a real-life person to bait their victim into giving away their sensitive information or engaging in a financial transaction. They can even embed malware into a deepfake video or image to bait their target into clicking them to deliver ransomware.  

Real-world examples of deepfake attack

1st: LastPass Employee Targeted With Deepfake Calls

Only recently an employee from the world’s renowned password management company, LastPass almost became victim to a deepfake attempt where the attacker disguised as the company’s CEO! The company evaded the attack when it identified the activity to be suspicious since doesn’t use WhatsApp as its communication channel. The employee ignored the calls and text messages and reported the suspicious activity to LastPass’ internal security team who took quick action to block the threat actor.  

LastPass had a narrow escape, not all are lucky enough  

2nd: Deepfake heist in Hong Kong

In February, a gang of Deepfake scammers walked off with over $25 million dollars in a sophisticated Deepfake AI-based Heist in Hong Kong.  

They tricked the company’s top executives by recreating the company’s chief financial officer and other important people in a video call where they instructed an employee to transfer funds.  

As per the World Economic Forum, one of the top risks in 2024 is the spread and use of disinformation. Deepfake is quite possibly one of the most dangerous cyber threats out there with the potential to cause social tension through disinformation by fabrication of public figures, influential personalities, etc.   

It has the potential to cause nationwide chaos when abused. In a research report conducted by Crime Science Journal, AI-enabled crime is one of the top risks associated with the use of AI in 2024  

What are some common Deepfake threats? 

As per the CISA, Deepfake can be leveraged by the attackers to:  

  • Threaten to defame a business’ brand image in exchange for a ransom 
  • Impersonate top executives in an organization (financial officers, CEO, etc.) 
  • Gain access to networks, snoop on information, and alter sensitive information  
  • Cause social polarization through impersonation of political figures 
  • Engage in deep fake based social engineering using texts, voice, and videos 

What are some of the common ways to prevent Deepfake attacks?  

There is no sure-shot way to prevent becoming a victim of a deepfake attack but here are some tips that might become handy in securing yourself from a deepfake attack.

Tip 1: Perform a periodical security check of your online account  

It means checking whether you have implemented the hygiene security measures to keep your account secure. It includes setting a strong password, enabling multi-factor authentication, enabling login notification, and using a password manager.  

Tip 2: Improve awareness of deepfake and other weaponized AI attacks 

A majority of people are unaware of some of the common cyber threats which increases the possibility of them becoming a victim of deepfake-based phishing attacks. It is imperative to educate self on the latest developments in deepfake-based attacks and learn how to spot a deepfake. Some of the common signs to spot synthetic media include unnatural blinking of eyes, unfamiliar facial expressions and movements, and inconsistent lighting.   

Tip 3: Use a watermark or a digital fingerprint on personal images 

It will make it difficult for cybercriminals to use personal images to create deepfake images and videos for an attack. Avoid sharing personal information on social media that can be leveraged by attackers to engage in deepfake phishing.   

Tip 4: Report deepfake 

If you encounter a deepfake associated with you or anyone whom you know, report them immediately to the internal team for security and law enforcement and other agencies regarding the unauthorized use of information.  

Tip 5: Conduct awareness training  

One of the best ways to prevent becoming a victim of deepfake attacks is to bridge awareness gaps on such attacks with tips to spot deepfake attacks and establish policies where employees use only authorized communication channels, verify links, and report deepfake-based incidents.     

Stay Safe with SharkStriker

Read More

Endpoint Security