Close

Request Demo

BUFFERZONE is available to Enterprise companies only. Please fill out the form below and we’ll contact you shortly


    Blog

    Back

    The Rise of Deepfake Phishing Attacks

    By BUFFERZONE Team, 12/03/2024

    Target: IT Professionals (Elementary)

    Tags: Phishing, Safe Workspace®, Safe Browsing, NoCloud ™ Anti-Phishing, Protection by containment™

    The threat of deepfake phishing is not only real but also escalating rapidly. Reports [1, 2] indicate that in 2023, attempts at deepfake fraud surged by an astounding 3,000%.
    Cybercriminals exploit deepfake technology, utilizing synthetic videos, images, and webpages to bypass biometric security measures and orchestrate account breaches.

    This surge can be attributed to the democratization of deep learning technologies. Previously, deploying these sophisticated AI algorithms required extensive data science
    expertise or significant financial investment. However, a wide array of advanced, user-friendly AI models is available at minimal or no cost, eliminating the need for
    advanced coding skills.

    The trend towards more accessible generative AI technologies suggests that deepfake phishing attacks will only become more common.
    While the proliferation of generative AI holds numerous benefits, it also lowers the barrier for malefactors looking to create authentic-looking fake content for nefarious purposes.

    Even without the inclusion of deepfake capabilities, email phishing inflicts considerable financial damage on U.S. companies, averaging losses of $4.91 million [1].
    Given the lucrative nature of these schemes and the relative ease of execution, it makes sense that cybercriminals will increasingly incorporate deepfakes into their
    arsenal of attack methods.

    Object detection is a crucial ability for defenders to identify the content of web pages and warn against fraudulent websites.
    A recent study [3] shows that adversarial attacks on website logos are becoming more common and pose a threat to bypass artificial intelligence (AI) with AI.
    Furthermore, a new attack using steganography [4] to bypass object detection has been discovered. As defenders become more sophisticated, so do the attackers.
    We will delve deeper into these technologies in future blog posts.

    Fight AI with AI

    To combat this threat, individuals and organizations must adopt preventive security measures. This includes educating employees about the signs of phishing emails,
    implementing advanced security solutions, and regularly updating systems to patch vulnerabilities. However, 92% of the attacks start with phishing attacks targeting
    the human factor. However, this attack used a simple lure text and malicious phishing link.

    This is why we created BUFFERZONE® Safe Workspace®, (that  it’s strategic concept is Protection by containment™) suite of zero-trust solutions that consists of Safe Mail, NoCloud™
    Artificial Intelligence (AI) Anti-Phishing, SafeBridge® Content Disarm and Reconstruction (CDR), and Safe Browser, a secure browsing solution.

    Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® SafeBridge® to CDR emails and open links and attachments securely inside a BUFFERZONE® secure virtual container. BUFFERZONE® container isolates the browsing and file activity while keeping your computer safe from evasive attacks. In this phishing example, the lure link will be
    opened inside our container and detected by our NoCloud™ AI anti-phishing technology. As a result, the next step of the attack is stopped, and the human factor security
    breach is minimized. BUFFERZONE® NoCloud™ AI anti-phishing runs Deep Learning (DL) AI models on the endpoint leveraging Intel Neural Processing Unit (NPU)
    (Demo) without sending sensitive or confidential data to the cloud.

    Conclusion

    Phishing attacks are too easy to create, and this is a stark reminder of the importance of cybersecurity in the modern era. As cyber threats evolve, staying informed and
    prepared is our best defense against these digital dangers. By isolating threats and adding prevention capabilities to your existing detection solution with an intelligent
    phishing detection solution, the organization achieves the highest level of security and keeps IT simple.

    References

    [1] https://hackernoon.com/deepfake-phishing-grew-by-3000percent-in-2023-and-its-just-beginning

    [2] https://onfido.com/landing/identity-fraud-report/?ref=hackernoon.com

    [3] Apruzzese, G., Anderson, H. S., Dambra, S., Freeman, D., Pierazzi, F., & Roundy, K. (2023, February). “Real Attackers Don’t Compute Gradients”: Bridging the Gap Between Adversarial ML Research and Practice. In 2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML) (pp. 339-364). IEEE.

    [4] Sharma, G., & Garg, U. (2024). Unveiling vulnerabilities: evading YOLOv5 object detection through adversarial perturbations and steganography. Multimedia Tools and Applications, 1-20.