16 (1)

Deepfakes: A Serious Cyber Threat

Think deepfakes are just there to entertain? Think again. Deepfakes are now presenting businesses with a big cyber threat. Get the lowdown on these new attacks and find out how to lower your risks.

As if cybersecurity (especially ransomware) was not a big enough headache for stressed-out IT security staff, they now have a new nightmare to contend with: Deepfakes.
Deepfakes are the 21st century’s answer to photoshopping, where attackers use artificial intelligence (AI) or machine learning (ML) to create images of fake events. 

To illustrate the scale of the problem, the FBI issued a warning earlier this year, about the rising threat of 'synthetic' content. They describe it as:
“ The broad spectrum of generated or manipulated digital content, including images, video, audio and text”

How do Deepfakes work?

Deepfakes are scarily good at fooling people into believing certain celebrities or politicians are the real thing. Up until recently, they have been used mainly for pranks. 

More recently, however, deepfakes have taken on a darker hue. Cybercriminals are using AI and ML technology to launch sophisticated malicious attacks on companies, using super-realistic images and videos. 
Ransomware (already a big money-making business for cybercriminals) is now embedded with deepfake technology in a bid to extort more cash from companies.

Deepfake images may show individuals or businesses taking part in illicit (yet completely fake) behaviours that could damage the firm’s reputation should they be made public. To keep them private, the company has to pay a ransom. 
Deepfakes can also be used to spread lies, or scam employees and clients.

How to Mitigate the Damage of Deepfake Cyber Threats

Deepfake video and audio content looks set to present a major security threat to businesses over the coming years. 
The increased dependence of organisations on video is motivating more and more cyber criminals to focus their attention in this area.

While there is no single silver bullet to prevent criminals from mounting deepfake attacks, there are steps companies can take to prevent and minimise their impact. These include:

  • Establishing cybersecurity best practices and implementing a zero-trust policy, where staff have to triple check video sources, and if possible, identify the original image
  • Heightening cybersecurity awareness so employees can more easily tell a fake from the real thing (as follows)

How to detect when an image is deepfake?

Learning how to recognise a deepfake image or video is a valuable skill. Facial features are still quite difficult to perfect for cyber attackers, and videos often exhibit the following signs:
  • Jerky movements
  • Shifts in lighting between frames
  • Changes in skin tone
  • Excessive blinking or no blinking
  • Bad lip-synch
Vigilance is the best way to mitigate fraudsters’ efforts, with staff training a key way to strengthen the security framework. Preparing your employees for malicious deepfake cyber attacks should be your first line of defence.