John Paul M. Joaquin Tech 08.08.2022 11:Aug AM EDT

Deepfakes: Cybercriminals’ Latest Weapon in Cyber Attacks, Research Says

Deepfaking software is some of the most useful things in Hollywood. With it, people can bring back people who have passed away years ago, as in the case of "Rogue One: A Star Wars Story," and even remove mustaches digitally, as in the case of the 2017 "Justice League" film.

However, it can be used for nefarious causes, such as Volodymyr Zelensky's deepfaked video imploring Ukrainian soldiers to surrender to Russia's armed forces.

This detrimental use of deepfakes is an aspect that researchers from a multi-cloud service provider focused on in their latest study, which doesn't bode well for cybersecurity.

VMware researchers found in their latest threat report that deepfakes are becoming a growing danger to cybersecurity, with most of the cybersecurity professionals the company surveyed saying they spotted one in the past year.

With the growing use of deepfakes in cyber attacks, cybersecurity professionals and experts believe that it is now an "emerging danger" to people's cybersecurity.

VMware Threat Report Details

VMware mentioned in its latest annual Global Incident Response Threat Report that deepfakes are a growing danger to people's cybersecurity as it is becoming a way for cybercriminals to evade security controls.

Rick McElroy, VMware's principal cybersecurity strategist, mentioned that 66% of cybersecurity professionals surveyed in the study saw "malicious deepfakes" used as part of an attack

The growing use of deepfakes to threaten people's cybersecurity is evidenced by a 13% increase in the usage of face- and voice-altering technology by cybercriminals, per CNET.

"Deepfakes in cyberattacks aren't coming, McElroy said in a statement, "They're already here."

VMware found that cybercriminals send malicious deepfakes to potential victims through email the most, with 78% of deepfakes being delivered to victims by email alone. CNET mentioned that this use of email to send malicious deepfakes is connected to the continued rise in business-email compromise attempts.

A business email compromise (BEC) attempt is one of the most financially damaging online crimes, according to the FBI. It is a scam where an attacker will send an email message that looks to have come from a known and trusted source making a legitimate request, such as asking for company information or paying a fake invoice.

An example of a BEC is when an attacker posing as a company CEO is asking the CEO's assistant to purchase dozens of gift cards as employee rewards but immediately asks for their serial numbers so the attacker can email them to the company's employees right away.

Should the assistant be unaware of what a deepfake is, the attacker will then be able to acquire ill-gotten funds through the successful scam.

What Is a Deepfake?

A Deepfake is an AI-generated fake video that uses AI called deep learning to make images of fake events, per The Guardian. This software can be used to make memes, jokes, and even pornographic material, per Medium.

Unfortunately, deepfakes can also mimic a person's voice, allowing them to say whatever the deepfake video creator wants them to say, allowing people to fool anyone unaware of the software's existence.

Poor-quality deepfakes are easy to spot as the lip-synching might be bad, or the skin of the person being deepfaked appears to be patchy. However, as deepfaking software improves, it becomes more difficult to spot with the naked eye.