VideoPhishing: A video call from my CEO hacked the company

DeepFake and Threat Actors

If you have not heard about DeepFake, then this is the place to be, in this article we will explain how DeepFake can be used in cyber attacks to obtain access. Well, first, it is important to understand what DeepFake is and what it does.

Well, if you watched the video above, you will understand what the mindset behind DeepFake is. It allows anyone to train a set to mimic the actions of.. lets say… YOU.

You might also want to see how this drone is using cameras and the (dark) web to identify people

Now just imagine the following scenario:

The marketing videos of a company that include the CEO are used in the DeepFake network to generate a set that can mimic the CEO based on the threat actor actions. The next step is that the same thing will be done with the audio (if this is needed), once that sets are trained and prepared, the threat actor continues reconnaissance in order to find high profile individuals in the company.

Once the names are found, the whats app or instant messaging service that is being used by the individuals will get a VIDEO CALL from the threat actor. The only difference is, the victim will not be able to spot the difference, hell, you can even mimic a busy environment (example: train or subway), and state the connection is bad.

The threat actor will have a high chance of guiding the victim into taking steps that will grant the threat actor a clear path to its objective.

So in steps:

  • Targets are selected by threat actor
  • DeepFake is used to create a system which can mimic high profiles of environment X
  • The trained data will be used to target individuals that can provide access to the objectives of the threat actor
  • The threat actor gets the objective
  • Individual will not believe what has happened, the chance that the security team will hear about this, is in my eyes, very low