International. The company iProov presented a report on threats to remote identity verification, providing information on the anatomy of a digital injection attack and exposing the methodologies, trends and impacts of malicious actors.
The 'iProov 2024 Threat Intelligence Report: The Impact of Generative AI on Remote Identity Verification' reveals how cybercriminals are using advanced AI tools to perform convincing face swaps, along with emulators and other traditional cyber attack tools, to create new threat vectors.
“Generative AI has provided a huge boost to the productivity levels of threat actors: these tools are relatively low cost, easily accessible, and can be used to create highly compelling synthesized media, such as facial swaps or other forms of deepfakes that can easily fool the human eye, as well as less advanced biometric solutions. This only serves to increase the need for highly secure remote identity verification”, said Andrew Newell, Chief Scientific Officer at iProov.
What happened last year?
Two main types of attacks have been identified by iSOC - iProov's Security Operations Center: presentation attacks and digital injection attacks.
Among the trends discovered during 2023 is a significant increase in packaged AI imaging tools that make it much easier and faster to launch an attack.
Additionally, there was a 672% increase between H1 and H2 2023 in the use of deepfake media, such as face swaps, which were deployed alongside metadata spoofing tools.
Unlike the human eye, advanced biometric systems can be resistant to these types of attacks. However, in 2023, malicious actors exploited a loophole in some systems by using cyber tools, such as emulators, to hide the existence of virtual cameras.
“While the data in our report highlights that face swaps are currently the most targeted deepfake by threat actors, we don't know what's next. The only way to stay one step ahead is to constantly monitor and identify their attacks, the frequency of attacks, who they target, the methods they use, and form a set of hypotheses about what motivates them”, adds Andrew Newell.
Evolution of digital injection attacks
The use of emulators and metadata spoofing by threat actors to launch digital injection attacks on different platforms was first observed by iSOC in 2022 and continued to dominate in 2023, growing 353% between the first and second half of the year.
An emulator is a software tool used to imitate a user's device, such as a mobile phone. These attacks are evolving rapidly and pose significant new threats to mobile platforms: injection attacks against the mobile web increased by 255% between H1 and H2 2023.
Advances in collaboration and sophistication
Throughout 2022 and 2023, the level of indiscriminate attacks ranged between 50,000 and 100,000 per month. There was also a considerable increase in the number of actors and an improvement in the sophistication of the tools used.
There was also significant growth in the number of groups involved in sharing information related to attacks against biometric and remote human identification or “video identification” systems, evidence of the collaborative approach threat actors are now taking.

