Deepfakes in cyberattacks are not coming. They are already here.


In March, the FBI published a report stating that malicious actors will almost certainly take advantage of “synthetic content” for cyber and foreign influence operations in the next 12 to 18 months. This synthetic content includes deepfakes, audio or video that is entirely created or altered by artificial intelligence or machine learning to convincingly misrepresent that someone is doing or saying something that was not actually done or said.

We have all heard the story of the CEO whose voice was imitated convincingly enough to initiate a $243,000 wire transfer. Now the constant Zoom meetings of the on-the-go workforce era have created a wealth of audio and video data that can be fed into a machine learning system to create a compelling duplicate. And the attackers have taken note. Deepfake technology has seen a drastic upturn on the dark web and attacks are undoubtedly taking place.

In my role, I work closely with incident response teams, and earlier this month I spoke with several CISOs from prominent global companies about the rise in deepfake technology they have witnessed. These are their main concerns.

Dark web tutorials

Recorded Future, an incident response company, noted that threat actors have turned to the dark web to offer tutorials and personalized services that incorporate visual and audio deepfake technologies designed to bypass and defeat security measures. Just as ransomware evolved into ransomware-as-a-service (RaaS) models, we are seeing deepfakes do the same. This information from Recorded Future demonstrates how attackers are taking a step beyond the deepfake influence operations that the FBI warned about earlier this year. The new goal is to use synthetic audio and video to evade security controls. Additionally, threat actors are using the dark web, as well as many clearnet sources, such as forums and messengers, to share tools and best practices for deepfake techniques and technologies for the purpose of compromising organizations.

Deepfake phishing

I have spoken with CISOs whose security teams have observed the use of deepfakes in phishing attempts or to compromise business email and communication platforms such as Slack and Microsoft Teams. Cybercriminals are taking advantage of the shift to a distributed workforce to manipulate employees with a timely voicemail that mimics the same cadence of speech as their boss, or a Slack message that delivers the same information. Phishing campaigns via email or business communication platforms are the perfect delivery mechanism for deepfakes, because organizations and users implicitly trust them and operate in a given environment.

Bypassing biometrics

The proliferation of deepfake technology also opens Pandora’s box when it comes to identity. Identities are the common variable across networks, endpoints, and applications, and the focus on who or what is authenticating becomes critical to an organization’s security on its journey to Zero Trust. However, when a technology exists that can mimic identity to the point of misleading authentication factors, such as biometrics, the risk of compromise increases. In a report from Experian outlining the five threats companies are facing this year, synthetic identity fraud, in which cybercriminals use false faces to trick biometric verification, was identified as the fastest growing type of financial crime. This will inevitably create significant challenges for companies that rely on facial recognition software as part of their identity and access management strategy.

Distortion of digital reality

In today’s world, attackers can manipulate everything. Unfortunately, they are also some of the early adopters of advanced technologies, such as deepfakes. As cybercriminals move beyond the use of deepfakes solely for influencing or disinformation operations, they will begin to use this technology to compromise organizations and gain access to their environment. This should serve as a warning to all CISOs and security professionals that we are entering a new reality of mistrust and distortion at the hands of attackers.

Rick McElroy is Chief Cybersecurity Strategist at VMware.

