Trend Micro Reports Stolen Identities And Deepfakes



musk-deepfakeResearchers at Trend Micro warn that the social engineering potential of deepfakes is becoming an increasing concern. Deepfakes have already been successfully used in attacks, and Trend Micro believes this is just the beginning. The researchers explain that every photo or video of someone on social media can be used to build deepfakes:

  1. “There is enough content exposed on social media to create deepfake models for millions of people. People in every country, city, village, or particular social group have their social media exposed to the world.
  2. “All the technological pillars are in place. Attack implementation does not require significant investment and attacks can be launched not just by national states and corporations but also by individuals and small criminal groups.
  3. “Actors can already impersonate and steal the identities of politicians, C-level executives, and celebrities. This could significantly increase the success rate of certain attacks such as financial schemes, short-lived disinformation campaigns, public opinion manipulation, and extortion.
  4. “The identities of ordinary people are available to be stolen or recreated from publicly exposed media. Cybercriminals can steal from the impersonated victims or use their identities for malicious activities.
  5. “The modification of deepfake models can lead to a mass appearance of identities of people who never existed. These identities can be used in different fraud schemes. Indicators of such appearances have already been spotted in the wild.”

RELATED READING: "Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here": https://blog.knowbe4.com/reshaping-the-threat-landscape-deepfake-cyberattacks-are-here

RELATED READING: The FBI Warns Against A New Cyber Attack Vector Called Business Identity Compromise (BIC) & Top 5 Deepfake Defenses  https://blog.knowbe4.com/deepfake-defense

Trend Micro offers the following recommendations for organizations to prepare themselves against these attacks:
  • “A multi-factor authentication approach should be standard for any authentication of sensitive or critical accounts.
  • “Organizations should authenticate a user with three basic factors: something that the user has, something that the user knows, and something that the user is. Make sure the “something” items are chosen wisely.
  • “Personnel awareness training, done with relevant samples, and the know-your- customer (KYC) principle is necessary for financial organizations. Deepfake technology is not perfect, and there are certain red flags that an organization’s staff should look for.
  • “Social media users should minimize the exposure of high-quality personal images.
  • “For verification of sensitive accounts (for example bank or corporate profiles), users should prioritize the use of the biometric patterns that are less exposed to the public, like irises and fingerprints.
  • “Significant policy changes are required to address the problem on a larger scale. These policies should address the use of current and previously exposed biometric data. They must also take into account the state of cybercriminal activities now as well as prepare for the future.”

New-school security awareness training can teach your employees to follow security best practices so they can thwart evolving social engineering tactics. 

Trend Micro has the story: https://www.trendmicro.com/en_us/research/22/i/how-underground-groups-use-stolen-identities-and-deepfakes.html


Get Your Free 2022 Cybersecurity Awareness Month Resource Kit

In today's hybrid work environment, your users are more susceptible than ever to attacks like phishing and social engineering. Cybercriminals know this and are constantly changing tactics to exploit new vulnerabilities. We've put together these resources so you can keep your users on their toes with security top of mind. Request your kit now to help your users defend against cybercrime whether they are fully remote, back in the office, or a combination of both.

Cyber-22-ResourcesHere's what you'll get:

  • Access to free resources for you including our most popular on-demand webinar and whitepaper
  • Resources to help you plan your activities, including your Cybersecurity Awareness Month Guide and Cybersecurity Awareness Weekly Planner
  • New featured interactive training module for your users: "2022 Social Engineering Red Flags," plus 3 additional interactive training modules, all available in multiple languages
  • Resources to share with your users including training videos, security docs, tip sheets, security hints and tips newsletters, plus posters and digital signage assets, all available in multiple languages
  • All assets are printable and available digitally, so they can be delivered to your users no matter where they are working from 

Get Your Free Resource Kit Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/cybersecurity-awareness-month-resource-kit 

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews