Threat Intelligence Report 2025: Remote Identity Under Attack
iProov’s latest threat intelligence report reveals a startling transformation in identity deception capabilities. Drawing from real-world attack data analyzed by iProov’s Security Operations Center (iSOC) and threat intelligence gathering, the report documents an unprecedented increase in digital injection attacks and a surge in face swap attempts during 2024.
The emergence of a new attack vector, first detected in December 2024, is particularly concerning. This technique has been assessed to potentially bypass most current remote identity verification systems. The report also reveals thousands of possible attack combinations stemming from just three common attack tools, which raises doubts about some vendors’ claims regarding deepfake detection. This situation underscores the necessity for greater understanding and transparency in this area.
Moreover, the increasing accessibility of attack tools and the rise of CrimeasaService marketplaces contribute to unprecedented risks for remote identity verification systems. Organizations must prioritize solutions that offer real-time threat detection and response capabilities rather than relying solely on static security measures or vendors’ claims of comprehensive protection. It is essential to seek providers who can demonstrate continuous monitoring capabilities and engage in transparent threat intelligence sharing.
Key Topics:
Year overYear Attack Analysis
In 2024, we experienced unprecedented spikes in attack volumes: incidents of native camera attacks surged, face swaps increased, and digital injection attacks rose significantly. This is not merely a gradual evolution; it represents a fundamental shift in the threat landscape that requires immediate attention.
Strategic Approaches
Organizations that do not adapt their security strategies for 2025 will face a stark reality. Our data indicates that threat actors are now capable of breaching multiple security layers simultaneously, as exemplified by the $25.6 million deepfake scam in Hong Kong. Traditional security approaches are not just becoming outdated; they are becoming dangerous. It is essential to understand what measures are necessary to protect your organization effectively.
Attack Permutations
When a vendor claims to offer ‘complete deepfake protection,’ it is critical to inquire about which of the 115,000 known attack combinations they have tested. We have documented 127 face swap tools, 91 virtual cameras, and 10 emulators—each of which creates distinct attack vectors. Most vendors only test against a small fraction of these combinations, leaving critical vulnerabilities unaddressed. Being aware of these numbers allows you to ask the right questions and distinguish between genuine security capabilities and mere marketing claims.
Low Attack Rate Paradox
Counterintuitively, low attack rates might indicate a heightened risk. Here’s why: sophisticated threat actors actively probe systems, share intelligence, and quickly abandon hardened targets in search of easier prey. A sudden drop in attacks could signify one of two scenarios: either your security defenses are exceptionally effective, or attackers have already infiltrated your systems and are operating without detection. Without real-time monitoring, you won’t know which scenario you’re facing.
Download the report to learn more today!
