Cybercrime: Assume breach, never trust and always verify


For decades, cybercriminals have used tactics such as phishing and malware, but the convergence of two pivotal technologies sparked a dramatic surge in cybercrime.

Firstly, the advent of anonymous networks, or darknets, such as Tor, has provided a cloak for illicit activities. Secondly, the introduction of cryptocurrency, notably Bitcoin, has revolutionised financial transactions in the underworld. These two technologies have driven cybercriminals to communicate and transact securely, setting off a chain reaction. As new cybercrime services emerge, the barriers to entry are lowered, paving the way for a proliferation of phishing and malware attacks.

The allure of earning money without fear of detection has created a wave of newcomers into the cyber underworld. Today, cybercrime is the biggest online threat to businesses, yet it appears that misinformation and disinformation campaigns are also trending in a similarly alarming direction.

“Psyops” may be a modern term, but influence campaigns have existed for centuries. In today’s world, it has never been easier to reach a mass audience, amplify a message, and, if necessary, distort reality.

One way this reality is being distorted is through the use of deepfakes, which maliciously replace authentic images and videos with fabricated ones to manipulate information.

The perils of deepfakes

Deepfake technology has reached unprecedented levels of sophistication. Cybercriminals now possess the capability to manipulate sounds, images, and videos with the intent to deceive individuals and organisations, spreading false information in the process. This creates an escalating threat to both industry and individuals worldwide, demanding urgent action.

The process of generating online personas and bots, along with disseminating desired messages to target audiences through fringe forums and niche discussion groups, has been automated and refined. Once the information is planted, it’s only a matter of time before it spreads, infiltrating mainstream social networks and media platforms, and gaining organic amplification along the way.

To exacerbate matters, as outlined in Whitney Phillips’ “The Oxygen of Amplification,” simply reporting on false claims and fake news, even to debunk them, inadvertently amplifies the original message and aids in its distribution to the masses. Furthermore, the evolution of technology has made the creation of deepfakes relatively easy, eliminating the need for coding skills. The low barrier to entry for this technology, coupled with methods for distribution and avenues for monetization, fuels the resurgence of cybercriminal activity.

Unfortunately, organisations are increasingly falling victim to cybercriminals using deepfake technology. Most recently, a company in Hong Kong suffered a staggering loss of £20 million in a deepfake video conference call scam. The employee involved claimed to have been deceived into transferring the money by individuals impersonating senior company officials, resulting in significant financial loss.

As deepfake technology advances into real-time capabilities and fake videos proliferate for fraudulent purposes and public shaming, compounded by the widespread availability of the technology, a pressing question arises: what measures can be taken to address this issue? Where the authenticity of what we see cannot be trusted, how can we establish truth or reality?

How can we effectively address a persuasive threat like deepfakes?

Perhaps we can draw insights from the principles of zero trust, advocating for a stance of perpetual verification rather than blind trust and acknowledging the possibility of breaches. These principles are invaluable when looking at online media. Always challenge assumptions, refrain from hasty judgment, and adjust conclusions in light of new information.

How does this perspective translate to combating the threat of deepfakes? By embracing the “assume breach” mentality, you should always assume that individuals within your social network have likely encountered deepfake videos or disinformation campaigns. This exposure may not originate directly from friends or family, but perhaps through acquaintances who unwittingly spread false information. Individuals should adopt the “never trust, always verify” approach. Try to get additional sources for the information given, and verify that what you’re seeing or hearing is real.

As deepfake technology advances in sophistication, cybercriminals often gain the upper hand. While staying ahead of these developments is challenging, maintaining an “assume breach and never trust, always verify” approach can thwart their use of deepfake tactics.

Contributor Details

Etay Maor
Chief Security Strategist, Cato Networks & founding member of Cato CTRL.
