The US National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) have released ‘Contextualizing Deepfake Threats to Organizations’. This new Cybersecurity Information Sheet (CSI) provides an overview of synthetic media threats, techniques, and trends.
Threats from synthetic media, such as deepfakes, have exponentially increased say the three agencies and in response this document provides a set of employable best practices to take in preparation and response to the growing threat.
The authoring agencies urge organizations to review the guidance for recommended steps and best practices to prepare, identify, defend against, and respond to deepfake threats.
Specific threats to organizations highlighted in the guidance include:
- Executive impersonation for brand manipulation: malicious actors may use deepfakes, employing manipulated audio and video, to try to impersonate an organization’s executive officers and other high-ranking personnel.
- Impersonation for financial gain: malicious actors often use multiple types of manipulated media in social engineering campaigns for financial gain. These may include impersonating key leaders or financial officers and operating over various mediums using manipulated audio, video, or text, to illegitimately authorize the disbursement of funds to accounts belonging to the malicious actor.
- Impersonation to gain access: malicious actors may use manipulated media techniques and technologies to gain access to an organization’s personnel, operations, and information.
Read the guidance (PDF).