AI-Based Attacks , Artificial Intelligence & Machine Learning , Black Hat

Real-Time Deepfakes: A Growing Threat to Corporate Security

Bishop Fox's Brandon Kovacs on the Security Risks of Real-Time Voice, Video Cloning
Brandon Kovacs, senior red team consultant, Bishop Fox

Advances in real-time cloning of voice and video have taken deepfakes to a new level, making them more effective for social engineering, said Bishop Fox's Brandon Kovacs.

See Also: 2024 CISO Insights: Navigating the Cybersecurity Maelstrom

Attackers can now deceive victims by impersonating trusted figures in live video calls, and Kovacs said the use of deepfakes in business contexts increases the risk of financial and data loss. Attackers have evolved from posting manipulated content on social media to doing live video calls as cloned versions of high-ranking officials. Criminals are using deepfakes to target financial assets, sensitive systems and network infrastructure (see: Bishop Fox Raises $75M to Fortify Offensive Security Muscle).

"What happens when someone clones your IT help desk guy, and then he calls the service desk and says, 'Hey, I need you to disable specific accounts'? Or, 'I need you to reset people's passwords'?" Kovacs said. "So, it's not just about stealing money. People could use this to compromise networks."

In this video interview with Information Security Media Group at Black Hat 2024, Kovacs also discussed:

  • The evolution of deepfakes from misinformation to real-time exploitation;
  • Security implications for companies, including the prospect of cybercriminals impersonating CEOs and CFOs;
  • How organizations can more effectively detect and mitigate these attacks.

Kovacs specializes in red teaming, network penetration testing and physical penetration testing. As a red team operator, he is adept at identifying critical attack chains that an external attacker could use to fully compromise organizations and reach high-value targets. Kovacs actively performs research and development into artificial intelligence for use in offensive security engagements.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.