The use of deepfakes is just beginning. These ultra-realistic photo or video tricks allow you to imitate the face and voice of anyone. They are at the heart of the manipulation of information. A deepfake of Ukrainian President Volodymyr Zelensky, in which he called on his people to surrender, was for example broadcast on the hacked Ukraine 24 news channel, as well as several social networks shortly after the start of the war in Ukraine. But the use of this technology goes far beyond that.
“Cybercriminals are now incorporating deepfakes into their attack methods to evade security checks”, warns Rick McElroy, cybersecurity strategist at VMware. The cloud solutions provider, recently acquired by Broadcom, unveiled its eighth annual “Global Incident Response Threat Report” on August 15, 2022, the survey of which was conducted online among 125 cybersecurity professionals. It is clear that 2/3 of respondents noted the use of deepfakes during a cyberattack, an increase of 13% in the use of this technology compared to last year.
Use of deepfakes by email
Cybercriminals are now moving beyond using deepfakes for influence operations or disinformation campaigns. “Their new goal is to use deepfake technology to compromise organizations and gain access to their environment”, notes VMware. The majority of these deepfake attacks use the video format (58%), more than audio (42%).
Cyberattacks by deepfakes are mainly carried out by e-mail (78%), mobile message (57%), voice (34%) and social networks (34%). Meeting applications or new business collaboration tools are particularly targeted by attackers. Often cybercriminals send messages that appear to come from a known source with a legitimate request in order to access information.
Europol is sounding the alarm
Europol alerted at the end of April on deepfakes, ensuring that this threat should be taken very seriously by the law enforcement services of European countries. Beyond manipulating information from the general public, this technology can be used to manipulate businesses, alter credentials, disrupt financial markets, facilitate the online sexual exploitation of children, and perpetrate extortion and fraud, the agency listed.
“Preventing and detecting deepfakes must be the top priority for law enforcement”, wrote Europol at the time. For the agency, this means training law enforcement agencies to detect them as well as investing in technical capabilities. It seems that these recommendations should also apply to private companies and various public organizations that are targeted by such images.