AI-Based Attacks , Artificial Intelligence & Machine Learning , Black Hat
Real-Time Deepfakes: A Growing Threat to Corporate Security
Bishop Fox's Brandon Kovacs on the Security Risks of Real-Time Voice, Video CloningAdvances in real-time cloning of voice and video have taken deepfakes to a new level, making them more effective for social engineering, said Bishop Fox's Brandon Kovacs.
See Also: Mitigating Identity Risks, Lateral Movement and Privilege Escalation
Attackers can now deceive victims by impersonating trusted figures in live video calls, and Kovacs said the use of deepfakes in business contexts increases the risk of financial and data loss. Attackers have evolved from posting manipulated content on social media to doing live video calls as cloned versions of high-ranking officials. Criminals are using deepfakes to target financial assets, sensitive systems and network infrastructure (see: Bishop Fox Raises $75M to Fortify Offensive Security Muscle).
"What happens when someone clones your IT help desk guy, and then he calls the service desk and says, 'Hey, I need you to disable specific accounts'? Or, 'I need you to reset people's passwords'?" Kovacs said. "So, it's not just about stealing money. People could use this to compromise networks."
In this video interview with Information Security Media Group at Black Hat 2024, Kovacs also discussed:
- The evolution of deepfakes from misinformation to real-time exploitation;
- Security implications for companies, including the prospect of cybercriminals impersonating CEOs and CFOs;
- How organizations can more effectively detect and mitigate these attacks.
Kovacs specializes in red teaming, network penetration testing and physical penetration testing. As a red team operator, he is adept at identifying critical attack chains that an external attacker could use to fully compromise organizations and reach high-value targets. Kovacs actively performs research and development into artificial intelligence for use in offensive security engagements.