Deepfake, a major security problem
We can name some very common and dangerous threats such as ransomware, spyware, adware in the browser… But the problem for the short-term future and that most worries security researchers is what is known as deepfake. It basically consists of a fake video that uses artificial intelligence and different learning techniques to create fake images of people.
This technique is capable of reproducing a video of a person, as if it were really that person who is speaking. That is, they could use an important person to carry out a video call with another person, for example to close a deal or request relevant information, but in reality everything is created by software and is false.
This has many uses, ranging from playing a simple prank to wearing a cyber attack very sophisticated. Let’s take as an example a senior executive of an organization who is going to make a videoconference with workers of that company, suppliers or any person to close a deal or business. He may ask for certain confidential information and other people, thinking that they are in a legitimate and secure conversation, are going to give data that will put the security of that organization at risk.
Cybercriminals will be able to use Deepfake to scam other users. Let’s go back to the previous example and imagine that a boss or important person in a company contacts the employees to request something. The workers, believing that they are talking to the boss, will give all kinds of information that he requests. This can include anything from bank details to information on a product that has not yet been released.
What methods do they use?
How can attackers manage all this? Usually companies have public information about its board of directors, managers, etc. It is not difficult to know what functions each one can have, as well as certain personal data. In addition, these people may have spoken at public conferences, so it is not uncommon to find real images or videos of them.
All this, along with artificial intelligence, it will allow an attacker to carry out what is known as a deepfake. It will pretend that this senior executive is speaking through a video conference, but in reality it is false, it is all manufactured through software. You can ask an employee to carry out a bank transaction, for example.
This, which seems like something very far away, the truth is that it has already happened. There have been cases of Deepfake attacks simulating recognized people and have made videoconferences that were actually a fraud.
Cybersecurity experts believe that this technique will be used a lot in the future. Little by little they will perfect it and increasingly create more strategies to steal information and compromise the security of companies. It is important to always avoid identity theft.
Now, what can we do to avoid such a problem? Undoubtedly the most necessary common sense and always be alert. If you find yourself in a video call and you start to notice something strange, it is best to make sure that you are really talking to the person you should be. For example strange gestures that you can make, comments without much sense, etc. In addition, it is always a good idea to verify with the other person through another means that they are really going to start that video call.