January 23 2023
Many understand how severe the threat of deepfakes is. But in this article, we expand upon a specific, worrisome trend: the role of deepfakes within the Crime-as-a-Service (CaaS) economy.
In this article, we’ll cover:
Let’s define the terms we’re going to use, with help from the iProov Biometric Encyclopedia. First, what actually is a deepfake?
“A deepfake is a video, visual, or audio recording that has been distorted, manipulated, or synthetically created using deep learning techniques to present an individual saying or doing something that they did not say or do.”
Second, a digital injection attack:
“Digital injection attacks are sophisticated, highly scalable, and replicable cyberattacks that bypass the camera on a device, or are injected into a data stream. By injecting replay attacks or synthetic imagery, including deepfakes, into a data stream, criminals can try to impersonate a bona fide user and gain unauthorized access to accounts or systems (or set up new accounts).”
And finally, deepfake Crime-as-a-Service:
“Deepfake Crime-as-a-Service refers to the process of cyber criminals developing advanced deepfake tools and services and then either selling them or sharing the technology across criminal networks, helping criminals to learn from, test, and spread their attacks.”
Picture this example: Inside a data center operated by a criminal network, cloned devices are busy creating thousands upon thousands of manipulated, distorted, or synthetic images. Once this criminal network understands the exchanges between a given device and a targeted organization’s server, they target different organizations with various deepfakes to see which ones pass the security verification process. Once successful, the same software could potentially then run thousands of times in parallel to make it look like the imagery is coming from legitimate devices.
Additionally, once a criminal organization has successfully discovered a way to defraud a particular defense mechanism or organization’s system using deepfakes, they can use it for a variety of criminal purposes – such as account takeover fraud or synthetic identity fraud. They can quickly sell effective tools, techniques, and identities not only within their network but also to anyone with access to dark web marketplaces.
This is just one example of how deepfakes can be scaled and tooled as a global threat through Crime-as-a-Service networks. This is not the only example – the mechanisms can vary greatly depending on the delivery method.
The trend is particularly concerning in Latin America. The region is a global growth leader in online banking, but it is currently estimated that 20% of the region’s online revenue is lost to fraud.
Why? Because:
To fully understand the issue, we must look at how digital injection attack technology is powering deepfake fraud.
Some liveness technologies can now handle deepfakes that are simply presented to a screen. The process of creating a deepfake and presenting it to a camera can be effective, but it is limited in scope: realistically, the criminal can only do this one at a time.
Digitally injected imagery, though, is scalable. It enables criminals to inject deepfakes, of either synthetic or genuine individuals, directly into the data stream or authentication process. Digital injection attacks are the most dangerous form of threat because they are more difficult to detect than presentation attacks and can be replicated quickly.
As digital injection attacks are difficult to detect and highly scalable, they are particularly appealing to fraudsters, who are devising ever more sophisticated cloaking methods that make the attacks even harder for advanced liveness technology to detect. They are being rapidly shared and tested from numerous locations worldwide, whether by the same criminal organization or via a Crime-as-a-Service economy.
Deepfakes-as-a-Service is not in its infancy. It is reaching maturity, with increased image quality and additional skills to cloak metadata, and it is available more widely than ever before.
Throughout 2021, iProov’s Security Operations Center (iSOC) witnessed clusters of similar methods of digitally injected attacks. At first, the attack took the form of a manipulated image. Eventually, this attack spread and developed into a more sophisticated, digitally injected deepfake. The attacks occurred quickly across the globe.
Whether by the same criminal organization or sold over the dark web, this one example indicates that the attacker (or group of attackers) was organized and rapidly shared tried and tested attempts from numerous locations. If attacks succeed, they rapidly escalate in volume and frequency, amplifying the risk of serious damage. Likewise, CaaS means that if a criminal fails to break into your organization’s system, they have the means to retool and try again.
The iSOC is our global threat intelligence system. It exists to detect, block, and learn from sophisticated cyber attacks (such as the one above) that are attempted every single day against our customers worldwide.
Clearly, the threat is significant and it’s evolving. That’s why it’s essential that you choose the right biometric vendor to help protect you.
But how can you defend against it?
As we’ve established, cybercriminals can be shrewd and will try in an ever-increasing number of ways to probe and exploit weaknesses in security measures put in place.
Many basic liveness technologies can detect simpler attack vectors such as presentation attacks, where photos or pre-recorded videos (and even presented deepfakes) are held up to a screen. But in the case of complex digitally injected deepfake attacks – intensified by Crime-as-a-Service networks – organizations need a more robust liveness solution: one designed to detect digital injection attacks alongside other advanced and novel threats.
That’s where iProov comes in. Only iProov’s Genuine Presence Assurance® can deliver the highest level of assurance – GPA can detect both presented deepfakes and deepfakes used in digital injection attacks. Patented Flashmark™ technology uses controlled illumination to create a one-time biometric that cannot be recreated or reused, providing greater anti-spoofing across a range of attacks, delivering an industry-leading level of assurance that the person is real and authenticating right now. The emphasis on real-time authenticity is crucial for detecting digitally injected deepfakes and is essential as part of a robust defense strategy.
Genuine Presence Assurance is packaged with iSOC – the technology behind the case study highlighted earlier. iSOC provides continuous and highly responsive defenses by:
Overall, Genuine Presence Assurance is essential for defending against the threats of today and tomorrow. You can read more about Genuine Presence Assurance here and the innovative Flashmark technology powering it here.
In our latest report, ‘How Latin American Banks Can Safeguard Against Deepfakes: The New Frontier of Financial Crime’, we expand upon the contents of this article – with particular emphasis on the deepfake crime landscape in Latin America. You can download the full report here. It is free and available in English, Spanish, and Portuguese.