January 23, 2023

Many understand how severe the threat of deepfakes is. But in this article, we expand upon a specific, worrisome trend: the role of deepfakes within the Crime-as-a-Service (CaaS) economy.

In this article, we’ll cover:

  • How deepfakes deployed via digital injection attacks and then circulated within Crime-as-a-Service networks can defraud organizations at scale
  • How this type of fraud scales compared to traditional attack types
  • How organizations can protect themselves from this threat

What Is Deepfake Crime-as-a-Service? Article Definitions

Let’s define the terms we’re going to use, with help from the iProov Biometric Encyclopedia. First, what actually is a deepfake?

“A deepfake is a video, visual, or audio recording that has been distorted, manipulated, or synthetically created using deep learning techniques to present an individual saying or doing something that they did not say or do.”

Second, a digital injection attack:

“Digital injection attacks are sophisticated, highly scalable, and replicable cyberattacks that bypass the camera on a device, or are injected into a data stream. By injecting replay attacks or synthetic imagery, including deepfakes, into a data stream, criminals can try to impersonate a bona fide user and gain unauthorized access to accounts or systems (or set up new accounts).”

And finally, deepfake Crime-as-a-Service:

“Deepfake Crime-as-a-Service refers to the process of cyber criminals developing advanced deepfake tools and services and then either selling them or sharing the technology across criminal networks, helping criminals to learn from, test, and spread their attacks.”

How Does Deepfake Crime-as-a-Service Work?

Picture this example: Inside a data center operated by a criminal network, cloned devices are busy creating thousands upon thousands of manipulated, distorted, or synthetic images. Once this criminal network understands the exchanges between a given device and a targeted organization’s server, they target different organizations with various deepfakes to see which ones pass the security verification process. Once successful, the same software could potentially then run thousands of times in parallel to make it look like the imagery is coming from legitimate devices.

Additionally, once a criminal organization has successfully discovered a way to defraud a particular defense mechanism or organization’s system using deepfakes, they can use it for a variety of criminal purposes – such as account takeover fraud or synthetic identity fraud. They can quickly sell effective tools, techniques, and identities not only within their network, but also to anyone with access to dark web marketplaces.

This is just one example of how deepfakes can be scaled and tooled as a global threat through Crime-as-a-Service networks; the mechanisms can vary greatly depending on the delivery method.

The trend is particularly concerning in Latin America. The region is a global growth leader in online banking, but it is currently estimated that 20% of the region’s online revenue is lost to fraud.

Deepfakes + Crime-as-a-Service = Increased Risk

Why? Because:

  1. Liveness technology is not up to par. There was a rush to implement liveness technology during COVID, but not all solutions are created equal. With over 3 years having passed since COVID was discovered, criminals have had plenty of time to play catch-up – continuously probing for vulnerabilities and then exploiting them.
  2. People are ineffective at detecting deepfakes. Despite the fact that 57% of global consumers believe they can successfully spot a deepfake, research confirms that only 24% can.
  3. Research shows that traditional violent-crime gangs are teaming up with an underground cybercriminal community to achieve common goals, primarily of the financial variety – so financial organizations in particular should be carefully evaluating their security processes. Additionally, the danger of different skill sets being shared is that novel threats are being created at a much higher speed than seen previously.
  4. As Deepfakes-as-a-Service takes hold, a wider range of low-skill criminals will be able to purchase tried and tested software on the dark web, enabling them to effectively deploy mass attacks. They could potentially automate the deepfake crime process.

How Digital Injection Attacks Are Scaling Deepfake Crime

To fully understand the issue, we must look at how digital injection attack technology is powering deepfake fraud.

Some liveness technologies can now handle deepfakes that are simply presented to a screen. The process of creating a deepfake and presenting it to a camera can be effective, but it is limited in scope: realistically, the criminal can only do this one at a time.

Digitally injected imagery, though, is scalable. It enables criminals to inject deepfakes, either of synthetic or genuine individuals, directly into the data stream or authentication process. Digital injection attacks are the most dangerous form of threat because they are more difficult to detect than presentation attacks and can be replicated quickly.

As digital injection attacks are difficult to detect and highly scalable, they are particularly appealing to fraudsters, who are devising ever more sophisticated cloaking methods that make the attacks even harder for advanced liveness technology to detect. They are being rapidly shared and tested from numerous locations worldwide, whether by the same criminal organization or via a Crime-as-a-Service economy.

Deepfake Case Study From the iProov Security Operations Center (iSOC)

Deepfakes-as-a-Service is not in its infancy. It is reaching maturity, with increased image quality, additional skills to cloak metadata, and wider availability than ever before.

Throughout 2021, iProov’s Security Operations Center (iSOC) witnessed clusters of similar methods of digitally injected attacks. At first, the attack took the form of a manipulated image. Eventually, this attack spread and developed into a more sophisticated, digitally injected deepfake. The attacks occurred quickly across the globe.

Whether run by the same criminal organization or sold over the dark web, this one example indicates that the attacker (or group of attackers) was organised and rapidly shared tried and tested attempts from numerous locations. If attacks succeed, they rapidly escalate in volume and frequency, amplifying the risk of serious damage. Likewise, CaaS means that if a criminal fails to break into your organization’s system, they can retool and try again.
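
The clustering pattern described above, sketched as detection logic (an added example, not iProov's or iSOC's code): it flags an imagery fingerprint that arrives from many distinct devices and countries within a short window. The record fields, the `media_fingerprint` value, and the thresholds are assumptions, and the sample attempts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample attempts: (timestamp, device_id, country, media_fingerprint).
# media_fingerprint is a hypothetical signature of the submitted imagery/metadata.
ATTEMPTS = [
    ("2021-06-01T10:00:00", "dev-a", "BR", "fp-1111"),
    ("2021-06-01T10:01:00", "dev-x", "BR", "fp-2222"),  # one user retrying
    ("2021-06-01T10:03:00", "dev-x", "BR", "fp-2222"),
    ("2021-06-01T10:05:00", "dev-b", "MX", "fp-1111"),
    ("2021-06-01T10:12:00", "dev-c", "CO", "fp-1111"),
    ("2021-06-01T10:20:00", "dev-d", "BR", "fp-1111"),
    ("2021-06-01T08:00:00", "dev-p", "AR", "fp-3333"),  # spread over hours
    ("2021-06-01T12:00:00", "dev-q", "CL", "fp-3333"),
    ("2021-06-01T16:00:00", "dev-r", "PE", "fp-3333"),
]

def find_clusters(attempts, window=timedelta(minutes=30),
                  min_devices=3, min_countries=2):
    """Return fingerprints reused across many devices and countries in one window."""
    by_fp = defaultdict(list)
    for ts, device, country, fp in attempts:
        by_fp[fp].append((datetime.fromisoformat(ts), device, country))

    flagged = {}
    for fp, events in by_fp.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            devices = {d for _, d, _ in span}
            countries = {c for _, _, c in span}
            if len(devices) < min_devices or len(countries) < min_countries:
                continue
            best = flagged.get(fp)
            if best is None or len(devices) > best["devices"]:
                flagged[fp] = {
                    "devices": len(devices),
                    "countries": sorted(countries),
                    "attempts": len(span),
                    "first_seen": span[0][0].isoformat(),
                }
    return flagged

if __name__ == "__main__":
    for fp, info in find_clusters(ATTEMPTS).items():
        print(fp, info)
```

A single user retrying from one device and a fingerprint that recurs only hours apart both stay below the thresholds; only the burst across several devices and countries is reported.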

The iSOC is our global threat intelligence system. It exists to detect, block, and learn from sophisticated cyber attacks (such as the one above) that are attempted every single day against our customers worldwide.

Clearly, the threat is significant and it’s evolving. That’s why it’s essential that you choose the right biometric vendor to help protect you.

But how can you defend against it?

Choosing the Right Biometric Technology: Not All Can Combat Deepfakes

As we’ve established, cybercriminals can be shrewd and will try in an ever-increasing number of ways to probe and exploit weaknesses in security measures put in place.

Many basic liveness technologies can detect simpler attack vectors such as presentation attacks, where photos or pre-recorded videos (and even presented deepfakes) are held up to a screen. But in the case of complex digitally injected deepfake attacks – intensified by Crime-as-a-Service networks – organizations need a more robust liveness solution: one designed to detect digital injection attacks alongside other advanced and novel threats.

That’s where iProov comes in. Only iProov’s Dynamic Liveness can deliver the highest level of assurance – GPA can detect both presented deepfakes and deepfakes used in digital injection attacks. Patented Flashmark™ technology uses controlled illumination to create a one-time biometric that cannot be recreated or reused, providing greater anti-spoofing across a range of attacks, delivering an industry-leading level of assurance that the person is real and authenticating right now. The emphasis on real-time authenticity is crucial for detecting digitally injected deepfakes and is essential as part of a robust defense strategy.

Dynamic Liveness is packaged with iSOC – the technology behind the case study highlighted earlier. iSOC provides continuous and highly responsive defenses by:

  • Detecting biometric attack vectors from a range of devices, platforms, and geographies
  • Providing enhanced protection and defenses against known spoofing methods
  • Continually learning from new, previously unseen attacks to close vulnerability gaps and future-proof the system

Overall, Dynamic Liveness is essential for defending against the threats of today and tomorrow. You can read more about Dynamic Liveness here and the innovative Flashmark technology powering it here.

Deepfake Crime-as-a-Service: Summary

  • Deepfakes are a critical threat not only to financial organizations, but to society as a whole. This threat is being made increasingly scalable by the proliferation of digital injection attacks – an attack type that is widely available and used globally.
  • Additionally, Crime-as-a-Service networks are enabling criminals to share attack methodologies and tools with each other. iProov has seen these threats roll out in real time through our iProov Security Operations Center.
  • Crime-as-a-Service networks also mean that deepfakes can be sold as a service to other criminals. Deepfakes (or even accounts that have been opened fraudulently using deepfakes) can then be sold on the dark web, too. This makes deepfake crime more scalable and accessible than ever before.
  • However, not many biometric technologies can help defend against these complex deepfake threats. Make sure you choose one that can.
  • There are many approaches to combatting deepfakes and the various methods being used to scale their impact. iProov’s approach – the deployment of one-time biometrics during verification and authentication sequences – has proven to be the most effective, usable, and inclusive way to safeguard against the threat.

In our latest report, ‘How Latin American Banks Can Safeguard Against Deepfakes: The New Frontier of Financial Crime’, we expand upon the contents of this article – with particular emphasis on the deepfake crime landscape in Latin America. You can download the full report here. It is free and available in English, Spanish, and Portuguese.