The cybercrime landscape is evolving rapidly, with deepfake technology at the forefront of this transformation. According to recent research by Trend Micro, the availability and sophistication of AI tools in the cybercrime world have surged, providing non-technical criminals with powerful tools for mass exploitation.
Rise of Deepfake Tools
Several new deepfake tools have emerged on the cybercrime underground, each more convincing and seamless than before. These tools include:
DeepNude Pro
DeepNude Pro is a criminal service that claims to take any individual’s image and rework it to display without clothes. This tool could potentially be used for sextortion campaigns, where the victim is blackmailed with these manipulated images. The implications are severe, as it can lead to personal and professional ruin, significant emotional distress, and even financial loss.
Deepfake 3D Pro
Deepfake 3D Pro generates entirely synthetic 3D avatars using a face taken from a victim’s picture. These avatars can be programmed to follow recorded or generated speech, making them ideal for fooling banks’ KYC checks or impersonating celebrities in scams and vishing campaigns. This tool can effectively bypass traditional security measures, posing a serious threat to financial institutions and personal privacy.
Deepfake AI
Deepfake AI enables criminals to stitch a victim’s face onto compromising videos. This tool can ruin a victim’s reputation or be used for extortion. Additionally, it can spread fake news, albeit it only supports pre-recorded videos. The ability to create convincing fake videos can have far-reaching consequences, from personal defamation to influencing public opinion.
SwapFace
SwapFace allows criminals to fake real-time video streams, making it a potent tool for BEC attacks and other corporate scams. This technology can create a convincing real-time deepfake of someone during a video call, potentially leading to significant financial and reputational damage for businesses.
VideoCallSpoofer
Similar to SwapFace, VideoCallSpoofer generates a realistic 3D avatar from a single picture and can mimic live movements of an actor’s face. This technology can be used for streaming deepfakes during video conferencing calls, aiding in scams, spreading fake news, and other malicious activities. It can deceive even seasoned professionals, making it a powerful tool in the hands of cybercriminals.
Re-emergence of Criminal LLM Services
In addition to deepfake tools, the Trend Micro report highlights the resurgence of previously defunct criminal LLM services like WormGPT and DarkBERT. These services are now armed with new functionalities and are being advertised alongside new offerings, such as DarkGemini and TorGPT. These new tools offer multimodal capabilities, including image-generation services.
WormGPT and DarkBERT
These services are known for their ability to generate human-like text, which can be used in a variety of criminal activities such as phishing and scam emails. With their enhanced functionalities, they can now also assist in creating convincing fake documents and reports, making them even more versatile tools for cybercriminals.
DarkGemini and TorGPT
DarkGemini and TorGPT represent the next generation of LLM services, offering multimodal capabilities that include image generation. These tools can create fake IDs, documents, and even realistic social media profiles, aiding in identity theft and fraud. Their ability to combine text and images makes them a formidable threat in the cybercrime arsenal.
The Implications of Deepfake Tools
The increasing availability and sophistication of deepfake technology in the cybercrime underground have serious implications. Cybercriminals can now easily create convincing fake videos and images for various nefarious purposes, including:
- Sextortion campaigns: Deepfake images can be used to blackmail individuals.
- Impersonation in scams: Deepfake videos can impersonate celebrities or executives.
- Spreading fake news: Deepfakes can create misleading content to sway public opinion.
- Corporate scams: Real-time deepfakes can deceive business professionals during video calls.
Unmasking Deepfakes: Eye Reflection Technique
Less Training, More Jailbreaking
One of the most alarming aspects of these new criminal LLMs is their reduced need for training. Traditional AI models require extensive training data and computational resources. However, the latest criminal LLMs are designed to be user-friendly and require minimal training, making them accessible to non-technical criminals.
Jailbreaking Capabilities
The focus has shifted from training to jailbreaking—the process of bypassing the inherent safeguards of AI models to make them perform unethical or illegal tasks. Criminal LLMs are often pre-configured to be jailbroken, enabling them to generate content that violates the terms of service of legitimate AI platforms. This makes it easier for cybercriminals to deploy these tools for malicious purposes.
Microsoft is pushing Congress to enact new laws against using AI-generated voices and images for fraudulent purposes, targeting especially seniors and children. In a 52-page white paper released on Tuesday, Microsoft advocated for a “deepfake fraud statute”. This proposed law would make it illegal to use voice and image generation tools to impersonate individuals, including political figures and personal acquaintances. Brad Smith, Microsoft’s president, emphasized the need for updated laws to tackle deepfake fraud effectively, stating that existing tech and nonprofit efforts are not sufficient to protect everyday Americans from cybercriminals.
— Microsoft Urges Congress to Ban AI-Generated Fraud
The Threat Landscape
The cybercriminal underground has evolved significantly over the years, with the introduction of sophisticated tools and services that make cybercrime more accessible, even to those with little technical expertise. These tools enable cybercriminals to conduct a wide range of activities with minimal effort, including:
- Phishing and Scam Emails: Generating convincing emails to deceive victims.
- Fake Document Creation: Producing realistic counterfeit documents for identity theft and fraud.
- Social Engineering: Crafting persuasive messages to manipulate individuals into divulging sensitive information.
- Multimodal Attacks: Combining text and image generation to create comprehensive deception strategies.
Protection and Awareness
Given the evolving cyber threat landscape, it is crucial for individuals and organizations to stay vigilant and aware of these emerging threats. Cybersecurity measures must evolve alongside these technologies to effectively combat cybercrime. This includes investing in advanced detection systems and providing comprehensive awareness training for potential targets.
Advanced Detection Systems
Developing and implementing sophisticated detection systems can help identify deepfake content. These systems use machine learning algorithms to detect inconsistencies in video and audio files that are often present in deepfakes. Organizations should invest in these technologies to protect their assets and reputation.
Awareness Training
Training employees and the public about the dangers of deepfakes and how to recognize them is crucial. Awareness programs should highlight common signs of deepfakes, such as unnatural facial movements or mismatched audio and video. By staying informed, individuals can better protect themselves from falling victim to these scams.
Conclusion
The rise of deepfake tools in the cybercrime underground is a troubling development. Tools like DeepNude Pro, Deepfake 3D Pro, Deepfake AI, SwapFace, and VideoCallSpoofer are making it easier for non-technical criminals to exploit individuals and organizations. Coupled with the resurgence of advanced LLM services like WormGPT and DarkBERT, the need for robust cybersecurity measures has never been more critical.
Stay informed, stay protected, and always be aware of the potential threats that lurk in the rapidly evolving cybercrime landscape.
For more detailed information on these developments, visit Trend Micro’s latest report.
Data Poisoning in AI: A Hidden Threat to Machine Learning Models
