Deep Fake Losses to Challenge Cyber Insurers, CyberCube Warns

January 7, 2021

What do Ulysses and his Trojan Horse, the pickpocket Fagan in Charles Dickens’ Oliver Twist and a video of Facebook’s Mark Zuckerberg touting how his company “owns” its customers have in common?

They are old and new forms of deception that hoodwink targets into believing that an interaction is something that it is not. Today, these interactions are increasingly in cyberspace as technology takes social engineering and mimicking techniques to new levels of sophistication.

Cyber analytics specialist CyberCube is warning that the use of deep fake video and audio technologies could become a major cyber threat to businesses and cyber insurers within the next two years.

Cyber criminals are well-equipped to create fake images of real business leaders like the one made of Zuckerberg or of politicians and other public figures.

In its new report, Social Engineering: Blurring reality and fake, CyberCube says the ability to create realistic audio and video fakes using artificial intelligence and machine learning has grown steadily. In addition, recent technological advances and the increased dependence of businesses on video-based communication have accelerated developments.

Because of the increasing number of video and audio samples of business people now accessible online – in part due to the pandemic – cyber criminals have a large supply of data from which to build photo-realistic simulations of individuals, which can then be used to influence and manipulate people.

In addition, a technology known as “mouth mapping” that was created by the University of Washington can be used to mimic the movement of the human mouth during speech with extreme accuracy. This complements existing deep fake video and audio technologies.

The report’s author, Darren Thomson, is California-based CyberCube’s head of cyber security strategy. He says that as the availability of personal information increases online, criminals are investing in technology to exploit this trend. “New and emerging social engineering techniques like deep fake video and audio will fundamentally change the cyber threat landscape and are becoming both technically feasible and economically viable for criminal organizations of all sizes,” he warns.

In reality, in March 2019, cyber criminals used AI-based software to impersonate a chief executive’s voice to demand the fraudulent transfer of $243,000, the report notes. Reports of actual cases like this are thus far rare but it’s not hard to imagine the picture changing quickly.

Thomson offered a few hypotheticals. “Imagine a scenario in which a video of Elon Musk giving insider trading tips goes viral – only it’s not the real Elon Musk. Or a politician announces a new policy in a video clip, but once again, it’s not real. We’ve already seen these deep fake videos used in political campaigns; it’s only a matter of time before criminals apply the same technique to businesses and wealthy private individuals. It could be as simple as a faked voicemail from a senior manager instructing staff to make a fraudulent payment or move funds to an account set up by a hacker.”

The CyberCube report also examines the growing use of traditional social engineering techniques – exploiting human vulnerabilities to gain access to personal information and protection systems. One facet of this is social profiling, which involved the assembling the information necessary to create a fake identity based on information available online or from physical sources such as refuse or stolen medical records.

According to the report, the blurring of domestic and business information technology systems created by the pandemic combined with the growing use of online platforms are making social engineering easier for criminals. In addition, AI technology is making it possible to create social profiles at scale.

“Historically, a criminal leveraging social engineering techniques would have had to imitate a close relation or colleague in the physical world. Now, the spoofing of an email address or the creation of a fake social media account may be sufficient,” says the report.

CyberCube’s Software-as-a-Service platform helps insurance companies underwrite cyber risk and manage cyber risk aggregation. Its enterprise intelligence provides insights on millions of companies globally and includes modellng on thousands of points of technology failure.

The report warns insurers that there is little they can do to combat the development of deep fake technologies but stresses that risk selection will become increasingly important for cyber underwriters.

“There is no silver bullet that will translate into zero losses,” says Thomson. “However, underwriters should still try to understand how a given risk stacks up to information security frameworks. Training employees to be prepared for deep fake attacks will also be important.”

He said insurers should also consider the potential of deep fake technology to create large losses as it could be used in an attempt to destabilize a political system or a financial market.

Source: Blurring reality and fake

Was this article valuable?

Here are more articles you may enjoy.