The threat landscape with cyber security is changing daily, with hackers and cyber security personnel in a perpetual hunt-and-mouse hunt; Hackers are discovering new ways to infiltrate and exploit their targets, and the cybersecurity industry is looking for vulnerabilities, trying to anticipate new threats and responding when cybersecurity issues arise.
The cybersecurity industry faced a challenging combination of new and familiar challenges by 2020. The massive transition to work from home in response to the COVID-19 pandemic has brought an urgency to secure a wider range of home devices and networks and an immediate increase in demand for training and services that protect employees in identifying cyberattacks and frauds.
In 2020, hackers actively exploited the COVID-19 pandemic as well as the resulting unemployment. Financial stimulus controls were focused. Approximately 30% of phishing websites were related to COVID-19. In April 2020, Google reported 18 million instances per day of malware and phishing emails sent through its Gmail service using COVID-related topics as bait.
Although COVID-19 was unknown before 2020, most of the methods used to target humans in the past year were too familiar, either recycled or reused, to monetize the fear of the pandemic. Phishing emails were a common approach and have been around since at least the mid-1990s. Ransomware was also a relatively obscure form of malware until the early 2010s, but it has increased in scope and the amount of damage it has caused year after year, with the help of a proliferation of botnets, cryptocurrencies and sophisticated criminal companies. 2020 saw a record number of ransomware attacks, and we can expect more of the same in 2021.
While it is important to protect against more well-established hacking techniques, invest in security training and follow good computer hygiene, it is also necessary to look ahead to possible forms of cyberattack from newer and still evolving vectors. And while 2021 is unlikely to contain a host of new threats, there are trends to watch.
Deepfakes have received a great deal of attention in recent years, but their use of cybercriminals or hackers has still been relatively limited. We can all help keep it that way by familiarizing ourselves with threats before they become a reality. As with all potential cybercrime, deterrence here will be facilitated by an awareness of what deep counterfeiting is, how it works and what it can and cannot do.
A deep forgery is a combination of "deep learning" of artificial intelligence and that keyword for the 2010s: "false".
A deep fake can be a digital image, video or audio file. All digital media assets created using artificial intelligence qualify.
Some examples of deep forgeries:
Facebook CEO Mark Zuckerberg admits various misdeeds including enabling genocide;
an audio clip of the popular podcast host Joe Rogan, and perhaps most startling; software that enables real-time facts on video conferencing platforms for well-known people, including Steve Jobs, Eminem, Albert Einstein, and the Mona Lisa.
While doctoral videos or photos are sometimes labeled deepfakes, ordinary deepfaked files are usually created with algorithms that create composites of existing images, effectively "learning" to identify faces and voices and combine them to create new content. A website called "This person does not exist" shows the potential of this technology by presenting eerily realistic images of fictional people collected in real time by merging thousands of images.
How big a cyber security threat is Deepfakes?
Deepfakes have the ability to deceive, making them a threat. "There's a wide area of attack here – not just military and political but also insurance, law enforcement and trade," Matt Turek, program manager for the Defense Advanced Research Projects Agency, told the Financial Times.
Despite the above examples, the widespread threat of deep forgery has not yet been realized, at least not up to this point. The technology is mainly still used for viral videos and adult content and not for the type of high-tech cyber espionage that has worried computer scientists, security experts and politicians.
One of the reasons why deep fakes have not been used at their full threat potential has to do with how they are generated: at this point in technology development, deep learning and AI algorithms required to generate a convincing deep fake implement huge amounts of sample content.
Another factor limiting the spread of deepfakes: Scammers do not need them. There are many low-tech ways to deceive people. A "fake" deep fake video from Nancy Pelosi was viewed by millions and retweeted by President Trump; it was a speech that Parliament's speakers had previously played at a slower speed. In the same way, the soundtrack was not compiled in a widely distributed deep rebuttal by then-President Obama by AI but was recorded by a skilled imitator.
Scammers will often call targets who pretend to be relatives, supervisors, co-workers. , Technical support, without the need for high-tech solutions. Providing a target with a sense of urgency combined with a compelling story is all a fraudster needs to get someone to install malicious code, help commit thread scams, or disclose sensitive information.
This does not mean that deep counterfeiting is harmless. As deep fakes grow in popularity, we can expect new apps to create faster, more compelling and cheaper digital counterfeits.
The best defense against fraud or cyberattacks using deepfake technology is knowledge. It is more difficult to deceive informed people. Coverage of personal cyber protection can also protect against the effects of these threats. This recommendation provides the type of coverage you can expect from a first-party security liability: data recovery and recovery, cyberbullying, financial loss due to online fraud and breaches of personal data. In addition, it goes a step further and covers psychiatric counseling services, legal costs, temporary relocation costs and additional costs associated with cyberbullying attacks.
Take the right steps to ensure your peace of mind online. Contact your local independent agent to learn more about cyber insurance.
The insurance cover described above is in the most general terms and conditions and is subject to the actual exceptions and conditions of the insurance. For specific coverage information and policy exceptions, see the policy itself or contact a central agent.
Blog courtesy of CyberScout. © 2020 CyberScout, LLC