International. The company iProov presented a report on threats to remote identity verification, providing insights into the anatomy of a digital injection attack and exposing the methodologies, trends, and impacts of malicious actors.
The 'iProov Threat Intelligence Report 2024: The Impact of Generative AI on Remote Identity Verification' reveals how cybercriminals are using advanced AI tools to effect convincing face exchanges, along with emulators and other metadata manipulation methodologies (traditional cyberattack tools), to create new threat vectors.
"Generative AI has provided a huge boost to threat actors' productivity levels: these tools are relatively low-cost, easily accessible, and can be used to create highly convincing synthesized media, such as facial exchanges or other forms of deepfakes that can easily fool the human eye, as well as less advanced biometric solutions. This only serves to increase the need for highly secure remote identity verification," says Andrew Newell, Chief Scientific Officer at iProov.
What happened last year?
Two main types of attacks have been identified by iSOC - iProov's Security Operations Center: presentation attacks and digital injection attacks.
Among the trends discovered during 2023 is evidence of a significant increase in packaged AI imaging tools that make it much easier and faster to launch an attack.
In addition, there was a 672% increase between the first and second half of 2023 in the use of deepfake media, such as facial exchanges, which were implemented alongside metadata spoofing tools.
Unlike the human eye, advanced biometric systems can be resistant to these types of attacks. However, in 2023, malicious actors exploited a loophole in some systems by using cyber tools, such as emulators, to hide the existence of virtual cameras.
"While the data in our report highlights that face-swapping is currently the most popular deepfake of choice for threat actors, we don't know what's next. The only way to stay one step ahead is to constantly monitor and identify their attacks, the frequency of attacks, who they target, the methods they use, and form a set of hypotheses about what motivates them," adds Andrew Newell.
Evolution of Digital Injection Attacks
The use of emulators and metadata spoofing by threat actors to launch digital injection attacks on different platforms was first observed by the iSOC in 2022 but continued to dominate in 2023, growing by 353% between the first and second half of the year.
An emulator is a software tool used to mimic a user's device, such as a mobile phone. These attacks are rapidly evolving and pose significant new threats to mobile platforms: injection attacks against the mobile web increased by 255% between the first half and the second half of 2023
Advances in collaboration and sophistication
Throughout 2022 and 2023, levels of indiscriminate attacks ranged from 50,000 to 100,000 times per month. There was also a considerable increase in the number of actors and an improvement in the sophistication of the tools used.
A significant growth was also observed in the number of groups engaged in the exchange of information related to attacks against biometric and remote human identification or "video identification" systems, evidencing the collaborative approach that threat actors are now taking.
Leave your comment