The US Cybersecurity & Infrastructure Security Agency (CISA), along with the FBI and NSA, has jointly released a cybersecurity report focused on the growing threat of deepfakes and recommendations for identifying and responding to these digital deceptions.
While deepfake technology, which involves creating synthetic, highly realistic images and videos, has been in existence for some time, recent advances in artificial intelligence and machine learning have made it more accessible and convincing. The report underscores that deepfakes pose a significant risk to various organizations, including government agencies, national security entities, defense organizations, and critical infrastructure operators. These maliciously manipulated media can be employed for purposes such as spreading disinformation, executive impersonation, financial fraud, and cyberattacks.
Additionally, the report highlights the various ways in which malicious actors can utilize deepfakes to compromise organizations, including creating video and audio content impersonating executives for purposes like brand manipulation or stock price manipulation.
Furthermore, cybercriminals can use deepfakes for social engineering attacks, including business email compromise and cryptocurrency scams, or to impersonate individuals to gain access to sensitive user accounts or proprietary data.
To demonstrate the real-world impact of deepfake threats, the agencies provide two examples of attacks that occurred in May 2023. These examples involve malicious actors using synthetic audio, visual media, and text messages to impersonate executives and attempt to manipulate employees for financial gain.
The report also outlines ongoing efforts to detect deepfakes and authenticate media, highlighting initiatives from organizations such as DARPA, DeepMedia, Microsoft, Intel, Google, and Adobe.
Additionally, the agencies offer recommendations for organizations to protect themselves from deepfake threats. These recommendations include implementing technology to detect deepfakes, safeguarding the data of high-profile individuals, and educating personnel to recognize and respond to deepfake incidents. Organizations are also advised to create response plans for potential deepfake attacks, including conducting tabletop exercises, and to collaborate with the US government to share their experiences and insights regarding these evolving threats.