Deepfake ransomware among experts’ list of cyber fears

Trend Micro's future threat researchers explain how hackers of the future will cause chaos

Deepfake mockup

Deepfake ransomware is among the most feared future cyber attack vectors, according to Trend Micro's future threat researchers.

The company believes this type of ransomware, which involves an attacker taking a selection of the swathe of images individuals post online and use to create an embarassing or scandalous video such as pornography or violent behaviour, could start to spread in years to come.

Because of the possibility that this kind of footage could be career ending at least, Rik Ferguson, VP of security research and Robert McArdle, director of forward-looking threat research at Trend Micro, believe this kind of attack could be use to target politicians for extortion.

The pair told delegates at Cloudsec 2019 that an attacker could make a video by simulating their likeness and the way their voice sounds and demand a ransom for it not to be uploaded online. It has the potential to be hugely effective as we live in a time where fact-checking is done by so few people, so once the video is uploaded, the damage is done regardless of whether or not it's later revealed to be fake.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The fact that Nancy Pelosi, the [US] Democrat, had this issue where a video of her slowed-down speech was released, making it sound slurred or like she was drunk or senile and it had damaging effects," said McArdle. "So politicians are likely to pay for this kind of thing."

"And we've already seen one group just two weeks ago using audio deep fake to actually try to do this exact same scam," he added. "They rang somebody up, said they were the CEO, [and said] can you transfer 234,000 euros. So this sort of thing is getting more and more realistic."

"We used to say 'on the internet, no one knows you're a dog', right? We are rapidly approaching the future [where it's] just 'on the internet, no one knows'," said Ferguson. "You're not able to believe your eyes and ears anymore."

Deepfake ransomware can also be used to target teenagers, they said, due to the great importance they place on their public image, combined with the number of images they share online.

The researchers believe it could be more damaging than current sextortion scams because, with a deepfake, the act doesn't actually have to take place it can just be generated so it's far more scalable. They also voiced their fears that it could spur an increase in teenage suicide, so awareness of these types of scams is important so we can remain sceptical when or if they arise.

Artificial intelligence (AI) was another threat Ferguson and McArdle believed could alter the way cyber attacks look in years to come, specifically with threat modelling.

Advertisement - Article continues below

They said that everyone thinks in different ways and when presented with a problem, people will find different ways of solving it. The same goes for AI when devising ways to exploit computer systems  the technology can look at a system and find complex vulnerabilities to exploit that humans may never have spotted.

"From an AI perspective, once it becomes leveraged by the attacker, obviously, you will have faster and more effective attacks," said Ferguson. "The attacks will happen at machine speed, the tactics will change at machine speed, the malicious code that's running will be aware of the context in which is running.

"So it will be able to adapt and change its behaviour in real-time depending on where it finds itself and depending on the security measures it comes up against."

The Trend Micro pair also highlighted the danger the Internet of Things (IoT) presents in a reverse bring your own device (BYOD) model in the workplace.

Advertisement
Advertisement - Article continues below

As more workers are afforded the opportunity to work from home and as IoT devices start to amass in everyone's homes, this presents a security issue for businesses.

For example, people buy cheap IoT devices such as security cameras online and these are usually delivered with little-to-no security measures built-in.

Advertisement - Article continues below

"For an attacker, that's an excellent example of a poorly secured always-on the device they can gain access to, and then leverage to get onto the rest of the network," said McArdle.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019