Kaspersky explores the darknet deepfake industry
Woburn, MA – May 9, 2023 – Experts at Kaspersky have released findings from their study of the darknet deepfake industry. Researchers found offers ranging from the creation of pornographic deepfakes for revenge to simulating cryptostreams intended to be used in cryptoscams. The cost of these deepfake videos varied from $300 to $20,000 per minute.
Cybercriminals regularly offer malicious services on the darknet, including the provision of deepfake creation services. These deepfakes don’t just pose a risk to a person’s reputation and privacy but are also a danger to their finances.
The risk of falling victim to deepfakes is increasing as fraudsters can easily extract images of their potential targets. These manipulated videos and images can be used for various malicious purposes, including financial fraud, political manipulation, revenge, and harassment. However, the creation of high-quality deepfakes requires technical expertise and advanced software, which is why individuals seeking to create fake media turn to deepfake creation services available on the dark web.
Research reveals that there is significant demand for deepfakes, surpassing the available supply. People are actively searching for individuals who can create fake videos for them. The cost of creating or purchasing deepfakes varies depending on the complexity of the project and the quality of the final product. In some cases, individuals may even request deepfakes of specific targets such as celebrities or political figures. The prices per minute of deepfake video can range from $300 to $20,000.
A significant number of analyzed posts referred to cryptoscams. Some providers offer high-quality deepfakes for the purpose of cryptocurrency fraud. Their service includes creating "Cryptostreams" or "Fake Crypto Giveaways," which are popular scams where fraudsters collect cryptocurrency by broadcasting fake giveaways. To create these deepfakes, scammers use footage of celebrities or splice together old videos to launch live streams on social media platforms. They promise to double any cryptocurrency payment sent to them and often show a pre-generated page where victims are asked to transfer anywhere from 2500 to 1000000 XRP, with the promise of doubling their payment. As a result, users caught in this scam can lose anywhere from $1,000 to $460,000.
An example of a post offering to create cryptostream deepfake
In addition to financial fraud, deepfakes can also cause a big issue for privacy. Disturbingly, some deepfake creators offer their services for the creation of pornographic videos. These vendors are also creating tutorials on the creation of these fake videos, including lessons on selecting the source material and swapping faces to create a convincing forgery. Unfortunately, these porn-deepfakes can be used to victimize and blackmail individuals, leading to serious emotional harm and even financial loss.
An example of a post offering a tutorial on deepfake creation
“Cybercriminals are increasingly using deepfakes to carry out various scams, including cryptocurrency fraud and biometric security bypassing,” said Vladislav Tushkanov, lead data scientist at Kaspersky. “The fact that there is a high demand for deepfake creation services also indicates that individuals and groups with malicious intent are willing to pay significant amounts of money to acquire such videos. As the technology continues to improve and become more accessible, it is crucial that companies and individuals take steps to protect themselves from deepfake-related scams and attacks.”
Continuous monitoring of dark web resources provides valuable insights into the deepfake industry, allowing researchers to track the latest trends and activities of threat actors in this space. By monitoring the darknet, researchers can uncover new tools, services, and marketplaces used for the creation and distribution of deepfakes. This type of monitoring is a critical component of deepfake research, and helps improve our understanding of the evolving threat landscape. Kaspersky's Digital Footprint Intelligence service includes this type of monitoring to help its customers stay ahead of the curve when it comes to deepfake-related threats.
Learn more about deepfake Darknet industry on Kaspersky Daily.
To be protected from threats related to deepfakes, Kaspersky recommends:
· Check the cybersecurity practices in place in your organization – not only in the form of software, but also in the form of developed IT skills. Use Kaspersky Threat Intelligence to get ahead of the current threat landscape.
· Boost the corporate “human firewall”: ensure the employees understand what deepfakes are, how they work, and the challenges they can pose. Have ongoing awareness and education drives on teaching employees how to spot a deepfake. Kaspersky Automated Security Awareness Platform helps employees to stay up-to-date with the most recent threats and increases the digital literacy levels.
· Use good quality news sources. Information illiteracy remains a crucial enabler for the proliferation of deepfakes.
· Have good protocols like “trust but verify.” A skeptical attitude to voicemail and videos will not guarantee people will never be deceived, but it can help avoid many of the most common traps.
· Be aware of the key characteristics of deepfake videos to look out for to avoid becoming a victim: jerky movement, shifts in lighting from one frame to the next, shifts in skin tone, strange blinking or no blinking at all, lips poorly synched with speech, digital artifacts on the image, video intentionally encoded down in quality and has poor lighting.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Sawyer Van Horn