The widespread adoption of artificial intelligence (AI) and machine learning technologies in recent years is providing threat actors with sophisticated new tools to perpetrate their attacks. One of these are deepfakes which include generated human-like speech or photo and video replicas of people. While the time and effort to create these attacks often outweigh their potential ‘rewards’, Kaspersky warns that companies and consumers must still be aware that deepfakes will likely become more of a concern in the future.
Kaspersky research has found the availability of deepfake creation tools and services on darknet marketplaces. These services offer generative AI video creation for a variety of purposes, including fraud, blackmail, and stealing confidential data. According to the estimates by Kaspersky experts, prices per one minute of a deepfake video can be purchased for as little as $300.
There are also concerns when it comes to the significant divide around digital literacy amongst Internet users. According to the recent Kaspersky Business Digitisation Survey¹ 51% of employees surveyed in the Middle East, Turkiye and Africa (META) region said they could tell a deepfake from a real image, however in a test only 25%2 could actually distinguish a real image from an AI-generated one. This puts organisations at risk given how employees are often the primary targets of phishing and other social engineering attacks.
For example, cybercriminals can create a fake video of a CEO requesting a wire transfer or authorising a payment, which can be used to steal corporate funds. Compromising videos or images of individuals can be created, which can be used to extort money or information from them.
“Despite the technology for creating high-quality deepfakes not being widely available yet, one of the most likely use cases that will come from this is to generate voices in real-time to impersonate someone. For example, a finance worker at a multinational firm was recently tricked into transferring $25 million to fraudsters because of deepfake technology posed as the company’s chief financial officer in a video conference call. It’s important to remember that deepfakes are a threat not only to businesses, but also to individual users - they spread misinformation, are used for scams, or to impersonate someone without consent – and are a growing cyberthreat to be protected from,” says Vladislav Tushkanov, Lead Data Scientist at Kaspersky.
For protection against the various threats posed by deepfakes, Kaspersky recommends people and businesses take the following actions:
References:
¹2,000 employees across SMBs & enterprises were surveyed in the Middle East, Turkiye, Africa region in 2023.
²First, respondents were asked if they could distinguish a deepfake from a real image. Then they were given two images from videos with a popular American actor, and one of these images was from a deepfake video. The respondents were then asked to indicate which of the images was real and which was fake.