Hackers are using analytics and AI to create subtle fake news that lurk around just enough to create undue mass influence.
Safer Internet Day is celebrated globally in February each year to promote the safe and positive use of digital technology for children and young people and inspire a national conversation. The event is commemorated with Safer Internet Centres, Safer Internet Day Committees and other supporters in each of the countries coming together to plan and organize events.
On this Safer Internet Day, reliability of information is the theme, and with ‘fake news’ entering popular lexicon as a symptom of the massive amount of misinformation available online, this year we explore how fakery—as well being used for simple mischief-making—can be part of highly-targeted attacks.
We see the potential for Deepfakes to become a feature of enterprise attacks, amplifying existing social engineering techniques by making them appear even more credible. Deepfake footage is already available on the Dark Web; it is not too much of a stretch for attackers to lift video and recordings of senior business leaders from employers’ social media channels, marketing collateral or from individual employees’ own digital footprint, for example, and using their properties to generate deepfakes that act as a strategic follow-on to phishing attempts.
We anticipate threat actors creating deepfakes in which they build a deepfake persona of a colleague in a position of trust—for instance an IT team member—to highly-targeted, unsuspecting employees over a series of videos calls to earn their trust, before requesting credentials and using this information to access systems.
Many of us, after all, have not even met our colleagues in these pandemic-dominated times. In fact, we believe this technique may well already be in use in certain scenarios, though the nature of such a highly-targeted attack would make this something which an attacker would go to great lengths to disguise.