​Deepfake attack threat during Covid-19

27 March 2020

In these unprecedented times many companies are in business continuity mode so the unusual has become both prioritised and normalised.

Many are making unusual purchases at short notice to facilitate their migration to increased or full remote working and fiduciary financial due diligence rules such as ‘four eyes’ checks and verification may be relaxed as finance teams are pushed to work remotely. This changes the threat landscape and affords threat actors new opportunities for attack which they will be characteristically quick to exploit.

Several of our clients had already seen an increase in the use of deepfakes to support Business Email Comprises (BECs) prior to the current Covid-19 crisis. Some stories have been covered in the press[1]. These attacks are often in the form of voicemails in support of an email (or sometimes alone) apparently from a CEO asking a CFO or finance colleague to make a transfer to a new customer or an existing one with changed payment details. Given the change in working practices brought about by the Covid-19 crisis and the natural human desire to help the business in the difficult times the additional use of deepfake voicemails could tip many finance colleagues into making the transfer.

Deepfakes are now relatively easy to make provided the threat actors have some samples of the victim’s voice. Many CEOs have active social media profiles replete with audio and video recordings so this is a straightforward matter. Technologies such as Lyrebird[2], Wavenet and Adobe VoCo[3] demonstrate the current state of the art and create a trickle-down effect bringing the technology within easy reach of the cyber criminals. Anyone who has seen my talk on ‘Managing Cyber Risk in a Fake World’ will be aware of how easy this is becoming. My colleague Matt Lewis covers many of the technologies in his excellent 44con talk[4].

The solution is education, awareness and process. Make sure all your finance colleagues are aware of the increased threat and seek to replicate your ‘four eyes’ checks even if your entire finance function is working remotely.



