Deepfake Technology and Cybersecurity: The Threat of AI-Generated Fraud

Deepfake Technology is something about combining deep learning with something fake. It creates images or events that actually do not exist. Deepfake technology is used to mislead the public by spreading false or wrong information. Such as a Politian deep fake can be used to spread a public opinion about something sensitive in nature such as caste, elections etc.

Threat actors are evolving rapidly and getting smarter due to rapid technology advancements. The innovation led by artificial intelligence and machine learning created more convincing ways to attack and make deep fakes for deception and manipulation.

AI is creating realistic yet fake photos, videos and audio which looks genuine and near to actual content. Cyber criminals use deepfake technology to trick victims and get into what they want. It could be your credentials, a payment, personal details or sensitive information. 

In this article we will learn more in detail about deepfakes, what is a deepfake, how it is impacting cyber security. 

What is Deepfake Technology?

Deepfake is AI generated synthetic content in the form of video, image, audio which manipulates existing visual and auditory content and replaces it with something more sinister to gain something from their victims or mobilize public opinion on some important topic or matter. The technology behind deepfake depends on deep learning techniques such as Generative Adversarial Networks (GANs) to refine fabricated content and improve it continuously.

Deepfake technology was initially developed for the purpose of research and entertainment. Many open source tools such as DeepFaceLab and FakeApp enable novice users to create deep fake images thus enabling cyber criminals to use this technology in their interest. 

Convergence of Deepfake with Cybersecurity

• Deepfake Phishing and Social Engineering – Cybercriminals using deepfake technology to fine tune phishing emails and evolve social engineering attacks. Traditional phishing mails are highly evolved now with deepfake multi-media based scams. Deepfake audios and videos of senior executives such as CEOs, CIOs and government officials making fraudulent requests are common scenarios now. For example, a cybercriminal might be generating a video message showing the CEO asking to wire funds to his account. 
• AI Powered Ransomware Attacks – Cybercriminals are using AI to create ransomware which adapt security defenses, evasive in nature and deepfake extortion tactics being employed. Ransomware groups threaten organizations with deepfake videos showing their executives engaged in compromising postures thus pressurizing them to pay ransom. 

Illicit Use of Deepfake

Cybercriminals used deepfakes in several ways including: 

• Scams and Hoaxes – Creation of scams, false claims and hoaxes which undermine organization reputation. For example, creating a false deepfake video of a senior executive confessing a criminal activity which would impact organization reputation and brand. 
• Celebrity and non-consensual pornography – 96% of deepfakes on the internet are of non-consensual pornography. Most common targets are celebrities and hoaxes are created as revenge porn. 
• Social Engineering – Deepfake is used for social engineering with audio deepfakes to trick people or make them believe they are talking to someone senior. A CEO of a UK firm was tricked to believe he was talking to the Chief executive of his parent company as the deep fake video impersonated the voice of the chief executive persuading him to transfer €220,000 to a supplier’s bank account.
• Disinformation Attacks – are carried out using deep fake such as conspiracy theories about social and political concerns. A fake video of Mark Zuckerberg claiming to have total control of billions of people’s data was circulated thanking Spectre, a fictional organization from the James Bond movie. 
• Identity Theft and Financial Frauds – are done using deep fake technology by creating new identities and stealing identities of actual personals. The actual victim’s voice is faked to purchase products pretending to be an actual person. 

Case Studies: Deepfake Exploits

Let’s look at some sophisticated deep fake exploits in the real world by cyber criminals. 

• French Roman Scam – A French woman was scammed for $80,000 using a deep fake by impersonating Brad Pitt in a romance scene. She was made to believe having a real relationship and money was given for a movie which was going to be made by Brad Pitt. 
• YouTube Attack – Cybercriminals created a deep fake video of Youtube CEO Neal Mohan which were used in a phishing campaign to extract sensitive information from content creators. The video was near to perfect showing concern on how dangerous a deep fake could be.