Cybercriminals are shapeshifting to evade security controls

• Burned-out security teams fight back lateral network migration and attacks with geopolitical motivations
• Cybercriminals’ new goal is to use deepfake technology to compromise organizations and gain access to their environment

Deepfakes, an innovation brought about by the development of modern technology, are shaking up the media landscape. However, its innovation has been used for the wrong reason—to get beyond security controls. Deepfake is an emerging threat that falls under the larger and more prevalent category of synthetic media. It uses artificial intelligence/machine learning (AI/ML) to produce convincing, realistic images, audio, text, and video of untrue events.

A deepfake attempt was made on Yang Mi, one of the most well-known actresses in China, in a February 2019 incident. Some people expressed their displeasure over the violation of their privacy and image rights as well as the dangers of the technology being utilized to produce unlawful or harmful videos.

Deepfake content is very convincing, and as deepfake technology continues to advance, it has become more challenging to distinguish between authentic and fake information. The seventh annual Global Incident Response Threat Report, published by VMware, Inc. at Black Hat USA 2022, delves deeply into the difficulties security teams confront in the face of pandemic interruptions, burnout, and cyberattacks with geopolitical motivations.

​

According to research findings, 65% of defenders claim that since Russia invaded Ukraine, cyberattacks have escalated. The report sheds light on new threats like deepfakes, API attacks, and cybercriminals that target incident responders directly.

Evading security controls is possible with deepfakes

Cybercriminals are now using deepfakes as part of their attack strategies, according to Rick McElroy, principal cybersecurity strategist at VMware, to get around security controls.

“Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase from last year, with email as the top delivery method. Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment,” said McElroy.

Additional key findings from the report include:

• Cyber pro burnout is still a serious problem. In the preceding 12 months, 47% of incident responders reported experiencing burnout or intense stress, a little decrease from 51% the year before. Of those surveyed, 69% (up from 65% in 2021) said they had thought about quitting their jobs as a result.
• Actors using ransomware employ cyber extortion techniques. As well-known cyber cartels continue to extort businesses using double extortion strategies, data auctions, and blackmail, 66% of respondents have come across affiliate programs and/or alliances amongst ransomware groups in the previous 12 months, and 57% of respondents have experienced such attacks.
• APIs are the new endpoint and the next line of attack for attackers. The security of APIs is currently at risk from 23% of threats as workloads and apps multiply. Data exposure (42% of respondents reported experiencing this in the last year), SQL and API injection attacks (37% and 34%, respectively), and distributed Denial-of-Service assaults (33%), are the most common types of API attacks.
• The lateral movement is the new battleground. Lateral movement was seen on 25% of all attacks. To snoop around in networks, hackers used everything from script hosts (49%) and file storage (46%) to PowerShell (45%), business communications platforms (41%), and.NET (39%).

According to Chad Skipper, a global security technologist at VMware, security teams require a sufficient amount of visibility across workloads, devices, users, and networks to detect, protect against, and react to cyber-attacks in order to defend against the expanding attack surface.

“When security teams are making decisions based on incomplete and inaccurate data, it inhibits their ability to implement a granular security strategy, while their efforts to detect and stop lateral movement of attacks are stymied due to the limited context of their systems,” added Skipper.

Deepfakes and other emerging threats discussed in the report represent a growing challenge that will require ongoing research to stop criminals from exploiting it. The more visibility defenders have across today’s expanding attack surface, however, the better equipped they’ll be to weather the storm.

---

---

---

---