Deepfakes on the rise as tools for cyberattacks, report finds

8 Aug 2022

Image: © Katerina/Stock.adobe.com

A VMware report found that deepfakes, employee burnout and ransomware attacks from dark web groups are threatening organisations’ security in 2022.

Cybercriminals are increasingly using emerging technologies such as deepfakes to attack and infiltrate organisations, a new report suggests.

According to the Global Incident Response Threat Report released by VMware today (8 August), two out of three respondents saw malicious deepfakes being used as part of cyberattacks. This marks a 13pc increase from VMware’s 2021 report.

Deepfakes use AI to combine and superimpose existing images and videos to make fake images of people or make it look like a person has said or done something they have not. Delivered mostly through email, VMware said these cyberattack deepfakes are used to compromise the security of victim organisations and get past their safeguards.

“Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns,” said Rick McElroy, principal cybersecurity strategist at VMware.

“Their new goal is to use deepfake technology to compromise organisations and gain access to their environment.”

Launched as part of the Black Hat 2022 cybersecurity conference in Las Vegas, the report details the challenges faced by security teams around the world amid pandemic disruptions, burnout and threats stemming from geopolitical instability. It is based on a survey of 125 cybersecurity and incident response professionals.

Nearly two-thirds of respondents stated that cyberattacks have increased since Russia invaded Ukraine. A Microsoft report in June also found that Russian cyberattacks have grown since the start of the invasion of Ukraine, with attacks aimed at the US, Baltic countries and NATO countries.

VMware’s report highlighted burnout as a critical issue among security teams. Nearly half (47pc) of respondents said they experienced burnout or extreme stress in the past 12 months, down slightly from 51pc last year.

More worryingly, nearly 70pc of those experiencing burnout said they have considered leaving their job as a result. This figure is up from 65pc in 2021.

However, VMware said organisations are working to combat this. More than two-thirds of respondents stated that their workplaces have implemented wellness programs to address burnout.

“In order to defend against the broadening attack surface, security teams need an adequate level of visibility across workloads, devices, users and networks to detect, protect and respond to cyber threats,” said Chad Skipper, global security technologist at VMware.

One of the big cyber threats is ransomware, often stemming from cybercrime groups operating on the dark web.

Nearly 60pc of respondents have encountered such attacks in the past 12 months, and two-thirds have encountered affiliate programmes and partnerships between ransomware groups as prominent cyber cartels continue to extort organisations through double extortion techniques, data auctions and blackmail.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic

editorial@siliconrepublic.com