"The most common attack vector is deepfake audio calls against staff, with 44 percent of businesses reporting at least one instance of this happening, six percent of which resulted in business interruption, financial loss, or intellectual property loss. Those loss rates drop to two percent when an audio screening service is used. For video deepfakes, the figure was slightly lower, 36 percent, but still five percent of those also caused a serious problem."
"The problem is that deepfake audio is getting too convincing and cheap, Chester Wisniewski, global field CISO of security biz Sophos, told The Register. "With audio you can kind of generate these calls in real time at this point," he said. "If it was your spouse they could tell, but if it's just a co-worker you talk to occasionally, you pretty much can do that in real time now without much pause, which is a real challenge.""
"He believes the audio deepfake figures could be underestimating the problem, but said the results were higher than he expected for video. Doing a real-time video fake of a specific individual is incredibly expensive, he said, running into millions of dollars in costs. However, Sophos has seen cases in which a scammer briefly runs a CEO or CFO video deepfake on a WhatsApp call before claiming connectivity issues, deleting the video feed, and moving to text communication to carry on a social-engineering attack."
A survey found 62 percent of cybersecurity leaders reported AI-driven attacks on staff over the past year, including prompt-injection attacks and AI-generated audio or video impersonations. Deepfake audio calls affected 44 percent of businesses, with six percent causing business interruption, financial loss, or intellectual property loss; losses fell to two percent when audio screening services were used. Video deepfakes affected 36 percent, with five percent causing serious problems. Deepfake audio is becoming more convincing and cheaper, enabling near-real-time impersonation. Sophos observed brief CEO/CFO video deepfakes on WhatsApp used to initiate social-engineering attacks. Prompt-injection attacks are also rising.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]