PHOTO
The widespread adoption of artificial intelligence (AI) and machine learning technologies in recent years is providing threat actors with sophisticated new tools to perpetrate their attacks. One of these are deepfakes which include generated human-like speech or photo and video replicas of people. While the time and effort to create these attacks often outweigh their potential ‘rewards’, Kaspersky warns that companies and consumers must still be aware that deepfakes will likely become more of a concern in the future.
Kaspersky research has found the availability of deepfake creation tools and services on darknet marketplaces. These services offer generative AI video creation for a variety of purposes, including fraud, blackmail, and stealing confidential data. According to the estimates by Kaspersky experts, prices per one minute of a deepfake video can be purchased for as little as $300.
There are also concerns when it comes to the significant divide around digital literacy amongst Internet users. According to the recent Kaspersky Business Digitisation Survey¹ 51% of employees surveyed in the Middle East, Turkiye and Africa (META) region said they could tell a deepfake from a real image, however in a test only 25%2 could actually distinguish a real image from an AI-generated one. This puts organisations at risk given how employees are often the primary targets of phishing and other social engineering attacks.
For example, cybercriminals can create a fake video of a CEO requesting a wire transfer or authorising a payment, which can be used to steal corporate funds. Compromising videos or images of individuals can be created, which can be used to extort money or information from them.
“Despite the technology for creating high-quality deepfakes not being widely available yet, one of the most likely use cases that will come from this is to generate voices in real-time to impersonate someone. For example, a finance worker at a multinational firm was recently tricked into transferring $25 million to fraudsters because of deepfake technology posed as the company’s chief financial officer in a video conference call. It’s important to remember that deepfakes are a threat not only to businesses, but also to individual users - they spread misinformation, are used for scams, or to impersonate someone without consent – and are a growing cyberthreat to be protected from,” says Vladislav Tushkanov, Lead Data Scientist at Kaspersky.
For protection against the various threats posed by deepfakes, Kaspersky recommends people and businesses take the following actions:
- Pay attention to suspicious calls. Employees need to be mindful of poor sound quality, an unnatural monotony of the ‘person’s’ voice, unintelligible speech, and extraneous noise.
- Be aware of the key characteristics of deepfake videos. This includes jerky movement, shifts in lighting from one frame to the next, shifts in skin tone, lips poorly synchronised with speech, and poor lighting.
- Never make decisions based on emotions, and do not share details with anyone. It is always better to ask something that only that person might know or stop the call and double-check the information received through several channels. This is where the ‘trust but verify’ protocol is important.
- Check and update the cybersecurity practices of the organisation.
- A solution such as Kaspersky Threat Intelligence can assist keeping information security specialists up to date on the most recent developments in the deepfake game.
- Companies should also strengthen the human firewall by ensuring their employees understand what deepfakes are, how they work, and the challenges they can pose. This can encompass ongoing awareness and education drives to teach employees how to spot a deepfake.
-Ends-
References:
¹2,000 employees across SMBs & enterprises were surveyed in the Middle East, Turkiye, Africa region in 2023.
²First, respondents were asked if they could distinguish a deepfake from a real image. Then they were given two images from videos with a popular American actor, and one of these images was from a deepfake video. The respondents were then asked to indicate which of the images was real and which was fake.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.