Emerging cyber threats that are beginning to cause concern, deepfake attacks could prove to be very dangerous, putting the security of corporate IT networks at risk.
What are deepfake attacks?
It is multimedia content, video or audio, manipulated thanks to artificial intelligence. In these videos or audios, leaders and famous people say or do something with the purpose of tricking people into believing it is true. These are therefore social engineering techniques, through which even company employees could be induced to divulge sensitive data or information, believing they are sharing them with authorized persons. From this comes the risk for the IT security of companies.
Although this is a technique still in its infancy, the concern of the experts is understandable. In fact, even phishing attacks have always been successful due to the ability to pretend to be trusted companies or interlocutors: your bank, your electricity or gas service provider, the e-commerce site where most of the purchases, or email addresses of friends and colleagues. By exploiting the trust placed in those you know, or think you know, phishing attacks have a very high success rate, despite the fact that the danger is now well known.
How deepfake attacks can be a cybersecurity threat.
Video and audio manipulated thanks to artificial intelligence represent the evolution of these attempts at impersonation. If through e-mails and messages it is not possible to verify who the interlocutor actually is, video or audio create a feeling of greater trust since the interlocutor appears recognizable. But on the net this too can be a fake. The channels that cybercriminals can exploit increase and consequently the chances of success.
In the business environment, if the e-mail arouses attention thanks to the awareness-raising policies, a phone call can arrive with a voice that is exactly that of the boss who confirms its validity. What will the employee do? It happened in 2019. An employee of a UK-based company sent payments of around $ 250,000 to a hacker who used this audio technology to trick him.
Furthermore, creating such an attack does not even seem too difficult: thanks to machine learning technology, the voice of the boss was cloned, recorded thanks to a simple spyware. But for managers of large companies, even spyware is not needed, as often many of their speeches are public and are shared via social networks.
How to defend against deepfake attacks.
This type of attack is not yet widespread today, yet the threat is concrete and will become more and more so with the spread of artificial intelligence and its applications. Already last year some experts highlighted how these attacks have potentially become within the reach of the inexperienced thanks to the intuitive interfaces of the applications.
If in the near future the same artificial intelligence can prove to be the best weapon to defeat itself and detect anomalies that are humanly not perceptible, today the best advice is to always keep attention high, adequately inform all company employees and activate systems of double check.