Recorded Future, an incident-response firm, noted that threat actors have turned to the dark web to offer customized services and tutorials that incorporate visual and audio deepfake technologies designed to bypass and defeat security measures. Just as ransomware evolved into ransomware-as-a-service (RaaS) models, we’re seeing deepfakes do the same. This intel from Recorded Future demonstrates how attackers are taking it one step further than the deepfake-fueled influence operations that the FBI warned about earlier this year. The new goal is to use synthetic audio and video to actually evade security controls. Furthermore, threat actors are using the dark web, as well as many clearnet sources such as forums and messengers, to share tools and best practices for deepfake techniques and technologies for the purpose of compromising organizations.
Deepfake phishing
I’ve spoken with CISOs whose security teams have observed deepfakes being used in phishing attempts or to compromise business email and communication platforms like Slack and Microsoft Teams. Cybercriminals are taking advantage of the move to a distributed workforce to manipulate employees with a well-timed voicemail that mimics the same speaking cadence as their boss, or a Slack message delivering the same information. Phishing campaigns via email or business communication platforms are the perfect delivery mechanism for deepfakes, because organizations and users implicitly trust them and they operate throughout a given environment.
Comments are closed.