EXPERT OPINION
Why deepfakes are revolutionising the world of phishing
As cybercriminals continue to grow their weapons
arsenal, utilising new methods such as voice
phishing to cause further damage, it’s important
that organisations step up their defences. Jonathan
Miles, Head of Strategic Intelligence and Security
Research, Mimecast, tells us how these attacks are
conducted and offers advice to CISOs on the steps
they can take to mitigate against them.
Since the dawn of social engineering, attack
methodology has remained largely unchanged.
But the rise in
electronic communications and the
departure from in-person interaction has
changed this dynamic. BEC attacks rose
in prominence, using email fraud to assail
their targets via invoice scams and spear
phishing spoof attacks to gather data for
other criminal activities.
Deepfake attacks, or voice phishing
attacks, are an extension of BECs and
have introduced a new dimension to the
attacker’s arsenal.
Social engineering attacks, commonly
perpetrated through impersonation
and phishing, are an effective tactic
for criminal entities and threat actors
and have shown a sustained increase
throughout 2019. Threat actors
impersonate email addresses, domains,
subdomains, landing pages, websites,
mobile apps and social media profiles,
often in combination, to trick targets
into surrendering credentials and other
personal information or installing malware.
Jonathan Miles, Head of Strategic Intelligence and Security Research, Mimecast
www.intelligentciso.com | Issue 21
However, this methodology has been
worsened by adding a new layer of
duplicity: the use of deepfakes, or voice
phishing, is becoming more prevalent as
an additional vector used in conjunction
with business email compromise (BEC)
for eliciting fraudulent fund transfers.
What is a deepfake?
Deepfake, a combination of Deep
Learning and fake, is a process that
combines and superimposes existing
images and videos onto source media
to produce a fabricated end product.
It is a technique that employs Machine
Learning and Artificial Intelligence to
create synthetic human image or voice
content and is considered to be social
engineering since its aim is to deceive or
coerce individuals.
In today’s charged global political climate,
the output of a deepfake attack can
also be used to create distrust, change
opinion and cause reputational damage.
A Deep Learning model will be
trained using a large, labelled dataset
comprised of video or audio samples,
until it reaches an acceptable level of
accuracy. With adequate training the
model will be able to synthesise a face
or voice that matches the training data
to a high enough degree that it will be
perceived as authentic.