Growth of AI making it easier for bad actors to create realistic fake videos, images
Threat actors and nation-states worldwide, leveraging advances in artificial intelligence (AI) and machine learning, will continue using deepfake video in 2020 for disinformation campaigns and to bypass facial recognition systems, according to cybersecurity firm McAfee.
The Lowdown: Deepfakes – videos and images, created through AI-based technologies, whose authenticity is difficult for people to determine – are among the top threat predictions for next year laid out this week by McAfee officials, joining other dangers like ransomware, weak APIs, and the growing use of containers.
The Details: Ransomware, malware, and remote desktop protocol (RDP) attacks were in the news a lot this year, McAfee officials wrote in a blog post. However, the fast-evolving AI and machine learning techniques, leveraged by cybersecurity companies like McAfee to improve their products and services, also are being used by increasingly sophisticated cybercriminals.
According to McAfee, here are the top security threats and trends for next year:
> Deepfake technologies for everyone: Nation-states can use deepfake videos or images to sow discontent in countries and manipulate elections, or a cybercriminal can create one showing a CEO saying something that could impact a company’s stock price. Increasingly easy-to-use techniques now make it easier for less-skilled actors to create deepfake content, which will lead to an increase in the amount of misinformation.
> Deepfakes and facial recognition: AI has been a boon for facial recognition technologies, enabling systems to quickly scan and identify large numbers of faces in almost real-time. However, AI also is fueling techniques for creating deepfakes. McAfee predicts that bad actors will begin generating and using deepfakes to bypass facial recognition systems, forcing organizations to understand the risks that biometric systems like facial recognition present and harden their systems.
> Ransomware grows into two stages: In typical ransomware campaigns, cybercriminals essentially capture and encrypt a company’s data and then demand payment before giving the decryption key. Next year, ransomware campaigns will grow into two-stage attacks. Before the initial ransomware attack, the bad actors will exfiltrate a corporation’s sensitive data and then launch the first stage of the campaign, demanding payment from victims to get their files back. In the second stage, the attackers will target the same victims, either by selling the stolen data online or by again extorting the company with the threat of disclosing the data.
> APIs as the weak link: APIs will continue to grow in importance in a world of clouds, microservices, and the Internet of Things (IoT). However, API security is not as strong as other application security components and cybercriminals are increasingly targeting them as an easy avenue to sensitive data. Organizations need to better understand their cloud service APIs, implement policy-based authorization, and embrace user and entity behavior analytics (UEBA) tools.
> DevSecOps and containers: As the use of containers by developers continues to grow, so does the challenge of pre-emptive and continuous detection of vulnerabilities in applications and infrastructure-as-code (IAC) configuration errors. The need to run risk assessment when the code is built and before deployment will fuel the rise of DevSecOps models.
The Buzz: “The ability to create manipulated content is not new,” Steve Grobman, senior vice president and CTO at McAfee, wrote in a blog post. “Manipulated images were used as far back as World War II in campaigns designed to make people believe things that weren’t true. What’s changed with the advances in artificial intelligence is you can now build a very convincing deepfake without being an expert in technology. There are websites set up where you can upload a video and receive in return a deepfake video. There are very compelling capabilities in the public domain that can deliver both deepfake audio and video abilities to hundreds of thousands of potential threat actors with the skills to create persuasive phony content.”
“For 2020, we predict the targeted penetration of corporate networks will continue to grow and ultimately give way to two-stage extortion attacks,” wrote John Fokker, head of cyberinvestigations for McAfee Advanced Threat Research. “In the first stage, cybercriminals will deliver a crippling ransomware attack, extorting victims to get their files back. In the second stage, criminals will target the recovering ransomware victims again with an extortion attack, but this time they’ll threaten to disclose the sensitive data [that was] stolen before the ransomware attack.”
“Threat actors are following the growing number of organizations using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access a treasure trove of sensitive data,” wrote Sekhar Sarukkai, vice president and fellow at McAfee. “Despite the fallout of large-scale breaches and ongoing threats, APIs often still reside outside of the application security infrastructure and are ignored by security processes and teams. Vulnerabilities will continue to include broken authorization and authentication functions, excessive data exposure, and a failure to focus on rate limiting and resource limiting attacks. Insecure consumption-based APIs without strict rate limits are among the most vulnerable.”