VMware Reports Increase in Deepfake Cybersecurity Attacks
VMware’s eighth annual Global Incident Response Threat Report warns of an increase in the use of deepfakes in cybersecurity attacks, which are increasingly geopolitical in nature and used more for extortion purposes.
Deepfakes refer to the ability to harness machine learning and artificial intelligence to perform actions such as replacing a person in a photo or video.
For the purposes of this report, the glossary indicates that a deepfake is synthetic media (audio or video) that is entirely created or modified by AI or machine learning to convincingly portray someone as doing or saying something that was not actually done or said.
“Cybercriminals are now incorporating deepfakes into their attack methods to evade security checks,” Rick McElroy, senior cybersecurity strategist at VMware, said in an Aug. 8 press release announcing the new Global Incident Response Threat Report. “Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase over last year, with email as the primary delivery method. Beyond using synthetic video and audio simply for influence or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment.”
Email was the primary delivery method for these attacks (reported by 78% of respondents), which VMware says is consistent with the rise in business email compromises (BECs), in which criminals send messages that appear to come from a known source with a legitimate request. “From 2016 to 2021, BEC incidents cost organizations approximately $43.3 billion, according to the FBI,” the report said. In fact, it said the FBI recently cited an increase in complaints about “the use of deepfakes and stolen personally identifiable information (PII) to apply for a variety of remote and work-from-home positions.”
After email, the other main methods of spreading deepfake attacks include mobile messaging, voice, and social media.
“New platforms are also increasingly used for such attacks, including third-party meeting apps (31%) and enterprise collaboration tools (27%), in the form of business communication compromise (BCC),” the report said. “Scams were cited as the main objective of these attacks (60%), while IT (47%) was listed as the main target sector, followed by finance (22%) and telecommunications (13%).”
More respondents said deepfake attacks most often take the form of video (58%) than audio (42%).
Other key findings of the report as presented by VMware include:
- Cyberpro burnout remains a critical issue. Forty-seven percent of incident responders reported experiencing burnout or extreme stress in the past 12 months, down slightly from 51% last year. Of this group, 69% (up from 65% in 2021) of respondents considered quitting their job as a result. However, organizations are working to combat this, with more than two-thirds of respondents saying their workplaces have wellness programs in place to combat burnout.
- Ransomware actors incorporate cyber extortion strategies. The prevalence of ransomware attacks, often underpinned by collaborations of cybercriminal groups on the dark web, has not yet ceased. Fifty-seven percent of respondents have encountered such attacks in the past 12 months, and two-thirds (66%) have encountered affiliate programs and/or partnerships between ransomware groups, while major cyber cartels continue to extort organizations through double extortion techniques, data auctions, and blackmail.
- APIs are the new endpoint, representing the next frontier for attackers. As workloads and applications proliferate, 23% of attacks now compromise API security. Top types of API attacks include data exposure (encountered by 42% of respondents over the past year), SQL injection and API attacks (37% and 34%, respectively), and distributed denial of service attacks (33%).
- Lateral movement is the new battlefield. Lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from scripting hosts (49%) and file storage (46%) to PowerShell (45%), business communication (41%) and .NET (39%) to dig inside networks. An analysis of telemetry within VMware Contexa, a threat intelligence cloud fully integrated with VMware security products, found that in April and May 2022 alone, nearly half of intrusions contained a lateral movement event.
The report also contains good news: “Defenders are successfully implementing new strategies and methods to stem the tide of incursions. For example, 75% of organizations used virtual patches as a contingency mechanism, reflecting the increasing maturity of security teams. Nearly 90% of respondents now say they are able to disrupt an adversary’s activities, and 74% say IR engagements are resolved in a day or less. last year, overall burnout rates are down slightly from 2021 as organizations take smart steps to improve employee wellbeing.”
The report is based on an online survey of trends in the incident response landscape as of June 2022, surveying 125 cybersecurity and incident response professionals from around the world.
David Ramel is an editor and writer for Converge360.