Cybercriminals are always looking for ways to stay one step ahead of cybersecurity practices, and more often using the world’s evolving technology.
Imagine someone fakes the CEO of a large company to make a compelling statement about missed earnings or that one of the company’s popular product is fatally flawed. What will happen? Within minutes, the statement may lead to tumbling stock prices of the company before effecting other sinister results. This imagined scenario may become a reality in the 2020 and beyond, according to ‘McAfee Labs Threats Predictions 2020’ report.
The report says that cybercriminals are always looking for ways to stay one step ahead of cybersecurity practices, and more often using the world’s evolving technology. “Continuing advancements in artificial intelligence and machine learning have led to invaluable technological gains, but threat actors are also learning to leverage AI and ML in increasingly sinister ways,” the report said.
“AI technology has extended the capabilities of producing convincing deepfake video to a less-skilled class of threat actor attempting to manipulate individual and public opinion. AI-driven facial recognition, a growing security asset, is also being used to produce deepfake media capable of fooling humans and machines,” it added.
Some of the forms in which financial frauds may take place in the New Year and beyond include:
Broader Deepfakes Capabilities for Less-Skilled Fraudsters
McAfee predicts that Deepfake video or text can be weaponized to enhance information warfare. It said that Freely available video of public comments can be used to train a machine-learning model that can develop of deepfake video depicting one person’s words coming out of another’s mouth.
The Attackers can now create automated, targeted content to increase the probability that an individual or groups fall for a campaign. In this way, AI and machine learning can be combined to create massive chaos.
“Adversaries will try to create wedges and divides in society. Or if a cybercriminal can have a CEO make what appears to be a compelling statement that a company missed earnings or that there’s a fatal flaw in a product that’s going to require a massive recall. Such a video can be distributed to manipulate a stock price or enable other financial crime,” the report said.
API to be the weakest link for threats
The report said that threat actors are following the growing number of organizations using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access a treasure trove of sensitive data.
“Headlines reporting API-based breaches will continue into 2020, affecting high-profile apps in social media, peer-to-peer, messaging, financial processes, and others, adding to the hundreds of millions of transactions and user profiles that have been scraped in the past two years. The increasing need and hurried pace of organizations adopting APIs for their applications in 2020 will expose API security as the weakest link leading to cloud-native threats, putting user privacy and data at risk until security strategies mature,” McAfee said.