Deepfake 'Face Swap' Attacks Trending

Uploaded on 2024-02-27 in NEWS-Cybersecurity News, FREE TO VIEW

Deepfake attacks using are using “face swap” technology with the aim to bypass remote identity verification has increased by 704% in 2023, according to a recent report published by iProov. 

Remote identity verification technology is necessary to ensure that organisations interact with the right people online, but in this era of Generative AI, not all technologies offer the same levels of assurance.

Now, free and low-cost face swap tools, virtual cameras and mobile emulators are increasing the growing number of deepfake-focused threat actors, identity verification company iProov found in its 2024 Report called The Impact of Generative AI on Remote identity Verification.

“Generative AI has provided a huge boost to threat actors’ productivity levels: these tools are relatively low cost, easily accessed, and can be used to create highly convincing synthesised media such as face swaps or other forms of deepfakes that can easily fool the human eye as well as less advanced biometric solutions,” iProov Chief Scientific Officer Andrew Newell said in a public statement.

In addition to identifying face swaps as the “deepfake of choice amongst persistent threat actors,” iProov’s Security Operations Centre (iSOC) found that injection attacks targeting mobile identify verification platforms increased by 255%, while use of emulators in these attacks rose by 353% between the first and second halves of 2023.

Furthermore, the number of threat groups exchanging information online about attacks on biometric and video identification systems nearly doubled between 2022 and 2023, with 47% of these groups surfacing within the last year.

Deepfakes videos are most commonly combined with digital injection attacks that use a virtual camera feed to replace the webcam or other device camera feed that would normally be used to display one’s face for verification. For example, OBS Studio, a legitimate open-source streaming tool, includes a virtual camera feature that could potentially be used to display deepfake video.

Digital injection attacks are more technically advanced than presentation attacks, in which a mask or a video on a screen is held up to the camera. While many facial biometric systems are equipped with presentation attack detection (PAD), injection attacks are more difficult to detect and doubled in frequency in 2023 says a Gartner Press Release.

By 2026, attacks using AI-generated deepfakes on face biometrics will mean that 30% of enterprises will no longer consider such identity verification and authentication solutions to be reliable in isolation, according to Gartner.

Deepfake threat actor groups frequently target manual or hybrid identity verification systems where a human operator has the last say, according to iProov. These groups consider humans to be easier to fool using deepfake injection attacks compared with computerised facial recognition systems.

In 2023, the FBI has also warned about a rising number of scammers using deepfake tech to impersonate job candidates during interviews for remote positions.

To assist organisations in protecting themselves against AI-generated deepfakes beyond face biometrics, CISOs  and risk managers should select service providers who can demonstrate they have the capabilities and a plan that goes beyond current standards and are monitoring, classifying and quantifying these new types of attacks.

SC Media     |     iproov     |     Gartner     |     PetaPixel     |     The Next Web     |     Twitter     |     Fintech

Image: Dasha Yukhymyuk

You Might Also Read:

Deepfakes Are Making Business Email Compromise Worse:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Humanoid Robotics: The Next Step For Artificial Intelligence
The British Military Works With Ethical Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Tufin

Tufin

Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

Mako Networks

Mako Networks

The Mako System is an award winning networking and security service designed specifically for SMEs and branch offices of larger organisations.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Base Cyber Security

Base Cyber Security

Base Cyber Security is an information and cyber security talent service provider and career specialist.

Monster Jobs

Monster Jobs

Monster is a global leader in connecting people to jobs, wherever they are. Monster covers all job sectors including cybersecurity in locations around the world.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.

Proximity

Proximity

Proximity is a leading professional services organisation providing consulting, legal and commercial advisory solutions with a focus on government and regulated industries.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

Druva

Druva

Druva is the industry’s leading SaaS platform for data resiliency, and the only vendor to ensure data protection across the most common data risks backed by a $10m guarantee.

Rezonate

Rezonate

Rezonate discovers, profiles, and protects Identities and their entire access journey to cloud infrastructure and critical SaaS applications. Preventing and stopping cyberattacks.