Deepfake technology utilizes machine learning and artificial intelligence (AI) to manipulate or create synthetic audio, video and images that appear authentic. Deepfakes are commonly featured in entertainment and politics to spread false information and propaganda. For instance, deepfake has been used to show a celebrity or leader saying something that they didn’t, and this creates fake news.
Unfortunately, in deepfakes, cybercriminals have found a new tool for cyberattacks. Cybercriminals are now using deepfakes to pose a variety of enterprise risks.
How Cybercriminals Are Using Deepfakes
Deepfake technology is now used to create scams, hoaxes and false claims that undermine and destabilize organizations. For instance, a manipulated video might show a senior executive associated with fake news, such as admitting to a financial crime or spreading misinformation about a company’s products. Such corporate sabotage costs a lot of time and money to disprove and can impact a business’s reputation.
Another way businesses can be negatively impacted is through social engineering attacks such as phishing, which relies on impersonation to compromise an email. Similarly, social engineering using deepfakes can feature voice or video impersonations. A good example of such an impersonation was reported in The Wall Street Journal, in which fraudsters used AI to mimic a CEO’s voice. This incident happened in March 2019, when criminals impersonated a chief executive’s voice to direct a payment of $243,000.
Cybercriminals are able to execute social engineering attacks by accessing readily available information online. They can research a business, employees and executives. The criminal will even use an actual event picked from social media – for instance, a financial director who is just returned to work from a holiday – to sound more legitimate.
This emerging security threat is also made possible by the development of video editing software that can swap faces and alter facial expressions. Such developments have enabled deepfakes to fool biometric checks (like facial recognition) to verify user identities.
The deepfake cybersecurity threat has become such a concern that the Federal Bureau of Investigation (FBI) has issued a Private Industry Notification (PIN) cautioning companies of the possible use of fake content in a newly defined cyberattack vector referred to as Business Identity Compromise (BIC).
How to be Prepared and Protect Against Deepfakes
Deepfake videos and images can be recognized by checking for unnatural body shape, lack of blinking in videos, unnatural facial expressions, abnormal skin color, bad lip-syncing, odd lighting, awkward head and body positioning, etc. However, cybercriminals keep evolving and creating more convincing deepfakes.
Other measures introduced to combat deepfakes include creating solutions that detect deepfakes. There also was an introduction of deepfake legislation in the National Defense Authorization Act (NDAA) in December 2019.
Unfortunately, this has not been enough, and enterprises have the task of helping reduce the impact of these attacks. The following measures can help:
Deepfake is an emerging cybersecurity concern that requires enterprises to be aware of its potential threats and stay prepared. Although it might be possible to identify a poorly generated deepfake with the naked eye, the technology continues to advance. In response, countermeasures must keep pace.
These articles are intended to provide general resources for the tax and accounting needs of small businesses and individuals. Service2Client LLC is the author, but is not engaged in rendering specific legal, accounting, financial or professional advice. Service2Client LLC makes no representation that the recommendations of Service2Client LLC will achieve any result. The NSAD has not reviewed any of the Service2Client LLC content. Readers are encouraged to contact a professional regarding the topics in these articles. The images linked to these articles are protected by copyright and should not be copied for any reason.