Deepfake Technology and Cybersecurity: 7 Challenges and How To Address Them

Experts believe deepfake attacks are no longer hypothetical, and as time goes on, they will become more affordable for cybercriminals, making regular people a target as well. It’d be best to be prepared to face fake video, audio, and live footage now. So, what are the deepfake cybersecurity challenges?

Deepfake scams include fake video, audio, and live footage that seems real. Cybercriminals can use it to scam CEOs, investors, and regular people. Investing more time in training and employing more robust security measures will be a must as deepfake scams become widespread.

Cybercriminals use AI and machine learning to take their scams to new levels, so you need to take your cybersecurity to new highs to see what’s coming from the bottom. Fortunately, as deepfake technology gets better, so does software to detect it – but you need to understand deepfake as a concept to defend yourself.

What’s Deepfake?

Deepfake is AI-powered software that can create audio, video, and other footage that depicts someone saying and doing things they have never said or done before. Threat actors are using deepfake footage to scam people or mess with market sentiment.

Imagine you have the power to create footage of anyone you want doing anything you want. You could have politicians saying terrible things, sinking their chances of winning an election. You could also have CEOs talking trash about their company, tanking their stock in the process. That’s what deepfake footage is.

Cybercriminals and cyberterrorists use this type of technology to do any of the things listed above and more. It’s important to understand how this tech works to have a higher chance of detecting deepfake scams.

How Does Deepfake Work?

Deepfake software creates fake footage using a combination of AI, machine learning, and real footage, among other things. Sometimes, real actors stage the video, and then cybercriminals use software to change their voices and faces to get the desired result.

In other words, a computer with the right hardware can take a few samples from your social media profiles to get audio and video footage. That could be enough to create a video depicting you doing and saying things you’ve never done or said before.

That sounds troubling – but deepfake technology doesn’t stop there. There are many types of deepfake footage, and you could fall victim to all of them.

Types of Deepfake

  • Video. Cybercriminals can use old video footage to create new deepfake scams. They also use old pictures to better shape their criminal attempts. We’ve seen deepfake videos of celebrities and politicians that were hard to tell apart from the real thing, and it would be no surprise to see the same happening to regular people soon enough.
  • Audio. A deepfake video without audio wouldn’t be that surprising. You should know that threat actors can use machine learning and old audio footage to say things using anyone’s voice. A deepfake audio of yours could be used to scam financial institutions or similar.
  • Text. The AI craze we’re seeing today helps shape (in part) text deepfake scams that could imitate the way you write down to the smallest details. That may not seem like much – but cybercriminals may use a deepfake text to imitate a PR letter to fool a company, investors, or similar.
  • Live. The scariest deepfake scams are live ones: the most advanced software can create fake footage of someone on the go, meaning they can pretend to be that person talking live on social media or any other platform. It’d be fair to say more than 90% of the population would be fooled after seeing such a thing.

Can Hackers Use Deepfake Technology?

Hackers use deepfake technology to scam money and information out of people. Not too long ago, cybercriminals scammed a UK company out of 243  thousand pounds using deepfake audio to fool a CEO and get their money.

They were prepared to pull the scam and walk away with the money: as soon as the CEO transferred the money, they rerouted it to different banks around the world, making it close to impossible to trace it.

That’s not the first nor the last time cybercriminals use deepfake technology to steal money from innocent users. Because of that, you have to learn the many deepfake security challenges and how to defend yourself from them.

7 Deepfake Cybersecurity Challenges

1. Social Media Grants Deepfake Hackers What They Need

One of the biggest cybersecurity issues is social media. Social engineering already makes posting too much information online troubling, but deepfake scams add another layer of issues to it all.

You should at least make your social media profiles private. That makes hackers have a harder time getting to your pictures and videos. It also limits your exposure online. It’s a win-win!

Of course, that won’t stop hackers from trying to get old footage of yours – especially if you’re a high-profile target: CEOs, famous people, and similar people have a target on their backs, so it’s always a good idea to prevent information from leaking to threat actors.

We understand it’s close to impossible to close all social media profiles and cut contact with the internet that way – but we recommend limiting your exposure instead (e.g., upload as fewer pictures or videos as possible, do it long after the fact to avoid threat actors localizing you, and don’t post private information online).

2. There’s Not Enough Training on the Subject

Unfortunately, we see a small number of people prepared to deal with deepfake footage. The lack of cybersecurity training throughout most companies is alarming already, but throwing the deepfake problem into the mix makes things even worse.

What’s going to happen when employees start receiving state-of-the-art deepfake footage of their CEO asking for privileged credentials? What about financial institutions receiving fake videos of customers asking for money? It’s going to be a disaster – unless companies prepare their employees for what’s soon to come.

Deepfake scams are a new twist on an old problem: we’re still talking about phishing scams. There are several signs that’ll help you detect them. We always recommend training yourself and your employees as well as following cybersecurity best practices because of that.

3. Companies Don’t Have Deepfake Detection Technology Yet

Deepfake footage is the result of using AI, machine learning, and old footage – so it’s no surprise you can detect that type of fake video using AI and machine learning.

There’s software available to detect deepfake videos, but that doesn’t mean companies are spending money on them.

Deepfake scams are not that widespread to justify investing in that type of software – yet. We can tell this type of scam will be as widespread as others are, so it’s a good idea to get a headstart and at least research a few options.

It’d be a bad idea to wait for a breach to tighten your security protocols or for an employee to fall for a scam to see how to prevent another loss.

4. Better Security Measures Are Needed

Deepfake detection isn’t the only prevention measure companies should take. Unfortunately, this type of technology creates new ways for threat actors to steal money and data, so it makes sense to close certain doors.

For example, can you trust the information you got over a Zoom meeting or a video? Deepfake live footage will become widespread soon enough, making it impossible to trust anything that you see on a screen.

Of course, that doesn’t mean becoming paranoid and distrusting anything you see over the internet. However, it does mean you have to employ a reinforced trust but verify protocol, as we’ll explain below.

5. Trust but Verify Has To Go to New Highs

Zero-trust is the name of the game nowadays. You can’t trust known devices, let alone unknown devices – and that way of thinking grants a bit more protection than you’d get otherwise.

How can you use zero-trust architecture when it comes to media? Instruct employees to distrust new videos, images, and similar things they see online. At the same time, deploy measures and software to detect fake video or phone calls.

How far you decide to go is up to you and your threat model.

6. Financial Institutions Need New Ways To Protect Customers

As hackers continue to gain access to a lot of data thanks to social engineering and data breaches, banks need to ask plenty of questions to make sure you’re the one talking on the other line.

Nowadays, certain banks and other financial institutions allow you to open a bank account via FaceTime or Zoom – but how can you trust the person on the other line is real and not deepfake footage?

We’ll probably see banks opening accounts on a face-to-face basis alone – and that’s a good thing! We may also see them take more extreme measures, such as limiting their banking apps and phone call options, because of them experiencing one too many data breaches and deepfake scams.

You have to do your part as well: use strong passwords and employ multi-factor authentication to avoid losing your account.

7. Scams Will Get Worse Than Ever

Deepfake technology can take phishing scams to a whole new level. There are plenty of recent examples: we’ve talked about the British firm above, though we can also point out the crypto world.

Cybercriminals used deepfake footage of Sam Bankman-Fried, known for the FTX scam, talking about compensating any loss investors have suffered before. The idea here was to scam users and drain their cryptocurrency wallets. That was made possible because they used Bankman-Fried’s old video footage to create this new video.

That sheds some light on what the future has in store for us: cybercriminals will use deepfake software to create more clever, more convincing scams – and we need to be aware of that.

Conclusion

Deepfake scams will become more common as time goes on, though that doesn’t mean users will be defenseless. More training and new software will be there to prepare people to monitor footage and detect deepfake scams, though everyone needs to be alert to detect this type of scam early on.

Herman McCargo

Herman is a Microsoft Certified Security Engineer and Cybersecurity Specialist. He’s been in the technology field for over 20 years and has expertise working with the most critical technology infrastructures. He has a deep understanding of cyber risks, threat mitigation and prevention, and overseeing infrastructure.