The threat landscape of cybersecurity changes daily, with hackers and cybersecurity professionals in a perpetual cat-and-mouse chase; hackers discover new ways to infiltrate and exploit their targets, and the cybersecurity industry looks for vulnerabilities, tries to anticipate new threats, and responds when cybersecurity issues arise.
The cybersecurity industry faced a challenging combination of new and familiar challenges in 2020. The massive shift to work from home in response to the COVID-19 pandemic has meant a rush to secure a wider range of home devices and networks, and an instant spike in demand for training and services that protect employees in identifying attempted cyberattacks and scams.
In 2020, hackers actively exploited the COVID-19 pandemic as well as the resulting unemployment. Economic stimulus checks were targeted. Approximately 30% of phishing web pages were related to COVID-19. In April 2020, Google reported 18 million instances per day of malware and phishing emails sent via its Gmail service using COVID-related topics as a lure.
While COVID-19 was unheard-of prior to 2020, most of the methods of attack used to target people this past year were all too familiar, either recycled or repurposed to monetize the fear of the pandemic. Phishing emails were a prevalent mode of attack, and they have been in circulation since at least the mid-1990s. Also, ransomware was a relatively obscure form of malware until the early 2010s, but it has increased in scope and the amount of damage it has caused year after year, aided by a proliferation of botnets, cryptocurrencies, and sophisticated criminal enterprises. 2020 saw a record number of ransomware attacks, and we can expect more of the same in 2021.
While it is crucial to protect against more well-established hacking techniques, to invest in security training, and to follow good data hygiene, it is also necessary to look ahead to possible forms of cyberattack from newer and still developing vectors. And while 2021 is not likely to feature a host of new threats, there are trends to monitor.
Deepfakes
Deepfakes have gotten a lot of attention in recent years, but their deployment by cybercriminals or hackers has still been relatively limited. We can all help keep it that way by familiarizing ourselves with threats before they become realities. As with any potential cybercrime, deterrence here will be aided by an awareness of what deepfakes are, how they work, and what they can and can’t do.
A deepfake is a combination of Artificial Intelligence “deep learning” and that watchword of the 2010s: “fake.”
A deepfake can be a digital image, video, or audio file. Any digital media asset created with the assistance of Artificial Intelligence qualifies.
A few examples of deepfakes:
Facebook CEO Mark Zuckerberg admitting to various misdeeds including enabling genocide;
an audio clip of popular podcast host Joe Rogan, and perhaps most startling; software that enables real-time deepfakes on video conferencing platforms of well-known people, including Steve Jobs, Eminem, Albert Einstein, and the Mona Lisa.
While doctored videos or photos are sometimes labeled deepfakes, true deepfaked files are typically created using algorithms that create composites of existing footage, effectively “learning” to identify faces and voices and combining them to create new content. A website called “This Person Does Not Exist” demonstrates the potential of this technology by presenting eerily lifelike photos of fictional people assembled in real-time by amalgamating thousands of photos.
How Big of a Cybersecurity Threat Are Deepfakes?
Deepfakes have the ability to deceive, which makes them a threat. “There is a broad attack surface here — not just military and political but also insurance, law enforcement, and commerce,” said Matt Turek, a program manager for the Defense Advanced Research Projects Agency to the Financial Times.
Despite the above examples, the widespread threat posed by deepfakes has yet to materialize, at least not up to this point. The technology is primarily still used for viral videos and adult content and not the sort of high-tech cyberespionage that has worried computer scientists, security experts, and politicians alike.
One of the reasons why deepfakes haven’t been deployed at their full threat potential has to do with the way they are generated: at this point in the technology’s evolution the deep learning and AI algorithms required to generate a convincing deepfake implement huge amounts of sample content.
Another factor limiting the spread of deepfakes: Scammers don’t need them. There are plenty of low-tech ways to fool people. A “fake” deepfake 2019 video of Nancy Pelosi was viewed by millions and was retweeted by President Trump; it was a speech the teetotaling Speaker of the House had given earlier played back at a slower speed. Likewise, the audio track in a widely distributed deepfake of then-President Obama wasn’t compiled by AI, but rather recorded by a skilled impersonator.
Scammers will often cold-call targets pretending to be relatives, supervisors, co-workers, tech support, without any need for high-tech solutions. Providing a target with a sense of urgency combined with a convincing story is all a scammer needs to get someone to install malware, assist in the commission of wire fraud, or surrender sensitive information.
That doesn’t mean deepfakes are harmless. As deepfakes grow in popularity, we can expect to see new apps create faster, more convincing, and cheaper digital fakes.
The best defense against scams or cyberattacks that exploit deepfake technology is knowledge. It is harder to dupe informed people. Personal Cyber Protection Coverage can also protect against the effects of these threats. This endorsement provides the type of coverage you might expect from a first-party cyber liability endorsement: data recovery and restoration, cyber extortion, financial loss due to online fraud, and breach of personal data. Plus, it takes things a step further and covers psychiatric counseling services, legal expenses, temporary relocation expenses, and additional expenses related to cyber-bullying attacks.
Take the right steps to ensure your peace of mind online. Contact your local independent agent to learn more about cyber protection insurance.
The policy coverages described above are in the most general terms and are subject to the actual policy exclusions and conditions. For specific coverage details and policy exclusions, refer to the policy itself or contact a Central Agent.
Blog courtesy of CyberScout. ©2020 CyberScout, LLC
Leave a Reply