Deepfakes are high-tech social engineering attacks used by hackers to gain access to sensitive information. But what makes this tactic so efficient and difficult to detect? And more importantly, how can you protect your business against deepfakes?
What is a Deepfake?
A deepfake is an incredibly realistic piece of media created by altering existing video or audio material. Deepfakes use artificial intelligence to replicate a person’s face and voice. These tools are typically used to spread misinformation and create chaos in the targeted audience’s security system.
A quick search on YouTube will reveal hundreds of deepfakes of influential personalities like Barack Obama, Elon Musk, and Tom Cruise. But social engineering attacks like deepfakes are not only limited to celebrities—they also target businesses. Even though a trained observer may be able to spot a deepfake, several security breaches have been successfully supported using this technology.
How do Deepfakes work?
Deepfakes are created by feeding multiple images to deep-learning computer networks known as VAEs or Variational Autoencoders. VAE will try to capture the different lighting, position, and facial expressions of the provided photos to reconstruct a person’s facial expressions, resulting in a very realistic outcome.
Scammers follow these steps to be successful:
1. The hacker gets 2 groups of photos: photos of themselves (input images), and photos of the target that he/she is looking to impersonate.
2. The AI compares both images and decides which expressions are unique and essential to delivering a “trustworthy” impersonation, also known as “output images.”
3. Once the AI determines which facial features are essential, it combines the input and the output images using the VAE.
4. The AI then reconstructs each facial movement and emotional expression frame by frame.
Deepfakes and Cybersecurity
Cybercriminals are using deep fake technology to create havoc inside organizations. Bad actors usually use deepfakes for the following reasons:
1. Scams
2. Blackmail
3. Social Engineering
4. Identity Theft
5. Financial Fraud
6. Spreading Misinformation to Damage Business Reputation
How Can I Protect Against Deepfakes?
Unfortunately, there is no reliable software to detect deepfakes as the technology is evolving quickly. However, you may take the following steps during an attack to protect your sensitive information:
1. Have a Communication Response Plan
If you find yourself a victim of a deepfake attack, you must respond quickly. Having a response plan that instructs your company on how to communicate in case of a deepfake attack allows you to completely mitigate or decrease the damage done to your business reputation.
Your communications teams must be trained to deal with deepfake attacks and have a risk management protocol to deal with them.
2. Ensure Best Cybersecurity Practices
Ensuring that your employees are up to date with best cybersecurity practices and security awareness training will increase the chances that they detect a deepfake attempt and other attacks before it invades your organization’s security system.
3. Watch Out for Visual and Audio Flaws
One of the easiest ways to identify a deepfake is through shadows and skin tones. If you notice the person’s skin tone or shadows don’t match the scene, chances are you are witnessing a deepfake.
Weird eyes and soft and blurry areas are another giveaway when you are dealing with more professional deepfakes.
In this Tom Cruise deepfake, you will notice a weird line on his cheekbone. These flaws are more noticeable when the subject is moving or makes different facial expressions. When looking for audio hints, take a close look at the mouth. Most of the time the mouth does not match the audio. If the audio sounds suspicious, start doubting!
BTI: The Cybersecurity Partner Near You!
At BTI, we have more than 35 years of experience, in IT, security, and communications. We have the right expertise, qualifications, and security awareness training resources to help your team protect your business against deepfakes and all kinds of security threats. Would you like to focus on business profitable tasks without worrying about security? Contact us now to get the best security measures for a low price!