The new age of digital technologies is making it harder to distinguish between what is real and what is fake. One of the technologies contributing to this problem is deepfakes, which make hyper-realistic videos by applying artificial intelligence to depict doing or saying things that never happened.
Like all other new and emerging technologies, deepfake technology was not created to cause harm. In fact, it has gained traction in industries such as digital communications, games, movies, entertainment, social media, and healthcare. For instance, deepfake technology is used in movies starring dead actors by combining it with special effects and advanced face editing in post-production.
However, this technology, in the wrong hands, can be used to launch cyberattacks, interfere with elections, sow civil unrest, or get weaponized for disinformation. In this section, we will look at how cybercriminals use deepfakes to cause havoc.
What are Deepfakes?
Deepfakes are hyper-realistic video depictions of people doing and saying things that never actually happened. To achieve this, deepfakes use machine learning, a subset of artificial intelligence, to combine images, sounds, and movements to create a hyper-realistic video capable of passing as an authentic video.
Deepfakes are created using deep learning, with the most common method being the use of a generative adversarial network (GAN). GAN relies on neural networks to analyze large sets of data samples to learn to mimic a person’s mannerisms, facial expressions, voice, and inflections. Footage of two people is fed into a deep learning algorithm which is trained on massive data on how to swap faces. Using facial mapping technology, the algorithm is able to swap the face of a person in the video. The technology can also be able to ‘swap’ the voice of the person in the video into authentic-sounding audio of them speaking.
Why Do Deepfakes Concern Cybersecurity Experts?
Business email compromise (BEC) and other spear phishing techniques have long been the modus operandi for most cyber criminals looking to steal or compromise a computer system. The idea behind these phishing methods was simple, be convincing enough to a point where the target victims believe them and send them money or install ransomware on their computer system, which they can use to compromise an entire network.
However, the emergence of deepfakes as an alternative to commonly used phishing methods poses a new threat to cybersecurity experts. Cybercriminals are now able to mimic and clone voice messages, which they can send as legitimate voicemails to their victims. Today, we have also seen deepfakes being employed in real-time to swap the faces of one person with another. This can be employed in video calls or even during remote working sessions, which can allow cybercriminals to gain access to unauthorized veterinary practice staff meetings and video conferences. In the hospital setting we see the use of deepfakes to request large sums of money for new hospital equipment. Such as Xray tables, computer hardware etc.
Another area in which cybercriminals are finding it easy to compromise using deepfakes is systems that use biometric data instead of passwords. The emergence of deepfake technology that allows physical attributes such as irises, voices, and faces to be replicated has made it easy for these criminals to use the technology to gain access to data and computer systems that are secured with biometric data.
In the corporate world, there is a growing fear that deepfakes could be used for market and stock manipulation, which can be as easy as cybercriminals making a deepfake that shows a chief executive saying misogynistic slurs, committing a crime, or announcing a fake merger. Such an application of deepfake is also likely to be used against practice owners in the future.
There is also a high likelihood that deepfakes will be used in combination with other methods, such as business email compromise, to steal money from veterinary practices in the future. In the past, cybercriminals have relied on emails only to try and convince employees to send money to fraudulent accounts. However, there is a high chance that, by combining real-time video calls with business email compromise and other phishing emails, the process taken to convince their victims to send money will be easy.
Despite the deepfake technology having applications in areas such as animation, movies, digital marketing, and video games, its growing use among cybercriminals should concern veterinary practices. Therefore, practice owners need to prepare for such attacks by teaching their employees how to detect, authenticate, and verify all video and voice calls made between them and their supposed co-workers.
As a practice owner, it is also important to keep in mind that you may be a target of these deepfake attacks. Therefore, you should also learn how to detect, authenticate, and verify all video and voice calls that are related to your veterinary practice, including those from your employees and even suppliers. By doing that, you will reduce the chances of getting attacked by cybercriminals using deepfakes. The easiest solution is to have a form of 2FA ( 2 Form Factor Authentication) when it comes to larger sums of money. Ie a code word that you, your hospital admin and your accountant use to confirm large sums of money transfers.
Need help making sure your hospital is prepared for a cyber attack?
Start by downloading our FREE eBook “5 Simple Steps to Protect Your Hospital“. It contains 5 easy low-cost or FREE solutions to help you become more cyber resilient.