The Generation of Misinformation Revolutionizing the world of Phishing through DeepFakes
10:55 – 11:25(SGT) Thursday 3 December, 2020
In 2017, DeepFakes were primarily used by enthusiasts to generate fake porn videos. Today, DeepFake applications and services are readily available for every individual to use. This makes a sudden growth in the number of manipulated media being released on the Internet every day. In fact, a study from Sensity, a threat intelligence focusing on visual threats, revealed that more than 49,000 DeepFake videos have been uploaded online as of June 2020. This raises a concern as DeepFake’s potential to be abused is apparent now in our society. With this, comes along a more pressing issue to the cyberworld: DeepFake as the innovation that will further propel the success rate of phishing attacks.
This research identifies facets of DeepFake that proves how phishing attacks are being modernized with the use of this new technology. These factors were determined after scrutinizing DeepFake-related incidents in the real-world and evaluating its implication in the cyber landscape. First factor identified was its bypassing security feature. Second, the intentional use of DeepFake to promote false information. Third, being the most evident is exploiting DeepFake to reform old ways of phishing such as voice phishing(vishing).
To begin with, we will tackle how Zao, a DeepFake face-swapping mobile application that requires its user to provide selfies, can be used to exploit and bypass certain security features of other installed applications that uses facial recognition. For example, biometrics technology that verifies the ‘digital identity’ of an individual by means of facial features, can be ‘spoofed’ by the advancement in DeepFake. In addition, Disinformation-as-a-Service (DaaS) is becoming a booming business for cybercriminals being offered in the black market. We will discuss what DaaS is and how it stemmed to social misinformation driven by DeepFake-crafted media. Finally, we will exhibit how the phishing landscape staged by cybercriminals is being scaled up by means of DeepFake to ensure a more successful phishing attack. Infact, the very first incident of a successful DeepFake- vishing attack extorted an amount of $243, 000 from a UK-based energy firm after the CEO listened to a phone call from his alleged “boss”.
With our new situation, less face-to-face encounter is the ‘new norm’ in living our daily lives. Business transactions, work meetings, and school discussions are some of the routines that adapted to this norm and shifted to the digital environment. This poses more risk to people in falling to be victims of misinformation and even more, phishing attacks through DeepFake. This new ‘crease’ in cybersecurity challenges us, analysts, and researchers to understand what DeepFake is and what can be done to prevent this from being exploited.
Felissa Mariz D. Marasigan
G Data AV LAB, Inc.
Felissa Mariz Dimapilis Marasigan is a Virus Analyst for almost 4 years at G Data AV LAB Inc. Yssa, as her colleague calls her, is involved in malware research, analysis, and detection. She is also part of the Quality Assurance team wherein she works together with the team in delivering quality security response to customers. She spearheads a project that focuses on False Positive Prevention of legitimate files. On her free times, Yssa would travel to different places going for mountain climbing, trekking, and waterfall chasing. She also plays MMORP, ARP, and MOBA games.
Lovely Jovellee Lyn S. Bruiz
G Data AV LAB, Inc.
Lovely Jovellee Lyn Saligan Bruiz. For almost seven years in the Information Security Industry, Lovely’s experience includes research, analysis, and detection creation for malicious software at G Data AV LAB Inc. She also works closely with their Information Technology Department in Operation Processes such as Incident Management and Knowledge Management by means of practicing the ITIL framework. In her spare time, Lovely would engage herself in baking pastries and planting herbs, spices, and vegetables. She also loves to watch various food blogs being a certified foodie at heart.
Sponsors and Supporting Organizations
Networking Lounge Sponsor