Deepfakes, fake content created using generative AI, are an insidious and challenging cyber threat. These fabricated videos, voices, and other content have made validating legitimate communications challenging. The decisive manner in which deepfakes can circumvent cybersecurity and human trust has meant they have rapidly become a weapon of choice for cybercriminals. Businesses and MSPs must gear up to take on this dangerous new threat.

OWASP (Open Worldwide Application Security Project) has responded to the challenge of deepfakes by producing "A Guide to Preparing and Responding to Deepfake Events."

TitanHQ's short guide will explore OWASP's advice and offer some practical ways to prevent a deepfake attack.

Did You Know?

  • 92% drop in phishing susceptibility with SAT
  • 62% of employees share passwords
  • $10.5 trillion estimated global cybercrime cost
  • 82% of data breaches involved a human being

What are Deepfakes, and How are Cybercriminals Using them for Malicious Intent?

The stage was set for digital forgery when in 2017, a Reddit user posted an algorithm that used AI to create realistic fake videos by placing film star faces in porn videos. Since then, deepfakes have been applied to legitimate uses, such as video games, digital receptionists, artistic pursuits, and education. However, the malicious use of AI has continued unabated, and this form of synthetic media is being used for misinformation, to disrupt elections, and to commit fraud.

Cybercriminals also turn to deepfakes to develop innovative ways to socially engineer people for financial gain. A recent high-profile case of a deepfake video conference resulted in a $25 million payout to the cybercriminals behind the scam.

Scammers are even using websites containing deepfake video apps as a lure to steal login credentials. The attackers create websites containing deepfake videos and offer an app to create deepfake videos. If a visitor clicks on a "Get Now" link, an executable that looks like an "EditProAI" application is downloaded. Unfortunately, the executable is credential-stealing malware. Measures like DNS filters can prevent employees from navigating to dangerous websites that contain malware.

As cybercriminals continue to invent more ingenious uses of AI and deepfakes in their quest to scam businesses, MSPs and security professionals must prepare themselves.

Here are some OWASP tips to help you prepare and respond to deepfake attacks.

Tips from OWASP to Protect your Business from Deepfake Fraud

OWASP is an important industry body and online community. Their “Top Ten” series of insights into the most critical security threats to web apps provides an essential knowledge base for security experts and vendors worldwide. Now that Large Language Models (LLMs) and Generative AI have entered the technology landscape, OWASP has turned its security know-how to focus on the Top Ten for LLM Applications and Generative AI. Out of this analysis, OWASP has produced its guide to deepfake preparation and how to best respond to this growing threat.

An Overview of the OWASP Guide to Preparing and Responding to Deepfake Events

The OWASP deepfake guidance uses the established principles of security as a baseline for defense. These principles involve the following:

  • Using due process to identify deepfakes rather than depending on visual or auditory detection.
  • Having rigorous financial controls and using robust verification procedures.
  • Cultivating a culture of awareness in your organization.
  • Developing incident response plans and ensuring that they are updated regularly in line with the changing threat landscape.

The guide focuses on four deepfake scenarios:

  • Financial fraud
  • Job interview fraud
  • Social engineering
  • Mis/dis/malinformation

Using advisories within the incident response paper, NIST Special Publication 800-61 Revision 3, the guide highlights the following areas to prepare and respond to deepfake attacks:

  1. Preparation
  2. Detection and Analysis
  3. Containment, Eradication and Recovery
  4. Post-incident activity

Preparation

Being prepared is an established best practice for organizational security. OWASP's starting point for deepfake mitigation is threat activity analysis, that is, an assessment of what is happening in the deepfake threat landscape. This analysis forms the basis of an incident response plan and establishes the organization's educational needs for building deepfake threat awareness. Importantly, this building block for managing deepfake impact sets out a plan for incident response that incorporates employees through formal deepfake awareness training.

Detection and Analysis

OWASP provides a comprehensive guide to the detection and analysis of deepfake threats. This section includes the current knowledge base of deepfake threat actors' techniques, tactics, and procedures (TTPs). The TTPs reflect ongoing analysis performed by MITRE ATT&CK. The TTPs provide a profile of an attack chain and how each part is executed. For example:

Technique: Luring a Victim to execute instructions describes how adversaries lure the victim to initiate a fraudulent transaction by leveraging urgency on a business requirement.

The guidance from OWASP in the detection and analysis of deepfake threats is to “review, determine, interview, and document”:

  • Review compliance procedures
  • Review deepfake reporting procedures and educational materials
  • Review the processes for ensuring Separation of Duties and Dual Authorization
  • Determine the typical rate at which third parties update their banking or payment information
  • Interview the individual who received the deepfake ASAP
  • Document the incident

Containment, Eradication and Recovery

This section of the OWASP deepfake guide provides a baseline for building a robust process for deepfake incidents. The series of steps takes an organization through a best practice plan for dealing with the impact of a deepfake attack.

Post-Incident Activity

The final stage of the deepfake attack response is learning from the aftermath. Reviewing and scrutinizing events provides feedback into the incident response plan and updates any security or education gaps.

Get Started with TitanHQ's Security Awareness Training.

Measures to Prevent Deepfake Fraud

The OWASP guide also suggests tools and measures to mitigate an attack based on a deepfake. Process, procedure, and education underpin the best practices on how to handle deepfake-enabled attacks:

Policies and Procedure

The security policies employed by an organization are the foundation stone of deepfake preparation and response. These policies should cover the core areas identified by OWASP as targeted by deepfake attacks—namely, financial transactions, helpdesk, hiring, and sensitive data disclosure. Policies must incorporate security best practices such as multi-factor authentication (MFA), least privilege access rights, security awareness training, and incident reporting. Security tools such as DNS filters can help to prevent employees from navigating to malicious websites that are part of a chain of deepfake-enabled attacks.

Security Awareness Training

OWASP emphasizes appropriate and regular deepfake awareness training that incorporates the latest industry know-how on how deepfake-enabled attacks work. Deepfakes are particularly sinister in that they specifically exploit trust. OWASP suggests that recruiters and hiring managers receive awareness training that is regularly updated to reflect current trends and processes. The guide indicates that, as a minimum, the following should be covered by the security awareness training:

  • What deepfakes are
  • What to do if you think a deepfake is targeting you
  • What to do if you are the subject of a deepfake
  • Where to report deepfakes

OWASP warns that deepfakes “typically exploit human psychology by employing urgent and high-pressure scenarios which intend to create fear and panic to make targets act rashly.” The application of behavior-based security awareness training is an essential measure in combating malicious deepfakes.


Processes and Human-Based Authentication

OWASP reiterates the importance of using next practice human-based authentication measures, including the following:

  • Use alternative phone numbers, emails, or aliases to confirm a voice request.
  • Use a "code of the day" to cross-reference financial requests. This code (which can be changed multiple times a day) is typically distributed using a secure application that requires MFA to access the current code.
  • Chain of command and, where required, multiple reviews to confirm requests.
  • MFA as default.
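
The checks in the list above can be expressed as a gate in front of any financial request. The following is an added example, not code from OWASP or TitanHQ: it assumes the code of the day is derived with HMAC-SHA256 from a shared secret and a UTC rotation window, and the function names, request fields and sample values are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timezone

ROTATIONS_PER_DAY = 4  # assumption: the code changes every six hours


def window_label(when: datetime, rotations: int = ROTATIONS_PER_DAY) -> str:
    """Name the current rotation window, e.g. '2025-01-15#1' (UTC)."""
    when = when.astimezone(timezone.utc)
    seconds_today = when.hour * 3600 + when.minute * 60 + when.second
    return f"{when:%Y-%m-%d}#{seconds_today // (86400 // rotations)}"


def code_of_the_day(secret: bytes, when: datetime) -> str:
    """Derive a six-digit code from a shared secret and the rotation window."""
    digest = hmac.new(secret, window_label(when).encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**6:06d}"


def review_request(secret: bytes, request: dict, now: datetime) -> list[str]:
    """Return the reasons to refuse a financial request; empty means proceed."""
    problems = []
    expected = code_of_the_day(secret, now).encode()
    spoken = str(request.get("spoken_code", "")).encode()
    if not hmac.compare_digest(expected, spoken):  # constant-time comparison
        problems.append("code of the day missing or wrong")
    # The callback must use contact details on file, not ones in the request.
    if not request.get("confirmed_via_contact_on_file", False):
        problems.append("not confirmed through an alternative channel")
    reviewers = set(request.get("approvers", [])) - {request.get("requester")}
    if len(reviewers) < 2:
        problems.append("fewer than two independent reviewers")
    return problems


# Constructed sample data: the secret, names and request are illustrative only.
SAMPLE_SECRET = b"constructed-demo-secret"
SAMPLE_NOW = datetime(2025, 1, 15, 9, 30, tzinfo=timezone.utc)
SAMPLE_REQUEST = {
    "requester": "cfo",
    "spoken_code": "000000",
    "confirmed_via_contact_on_file": False,
    "approvers": ["cfo", "controller"],
}

if __name__ == "__main__":
    for reason in review_request(SAMPLE_SECRET, SAMPLE_REQUEST, SAMPLE_NOW):
        print("REFUSE:", reason)
```

The requester is removed from the approver set before counting, so a convincing voice or video of one executive cannot satisfy the review requirement alone.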

Taking on Deepfake-Enabled Cyberattacks (and Winning)

OWASP's advice and guidance provide organizations and MSPs with vital know-how in managing the insidious threats of deepfakes. The advice pivots around putting measures in place that prepare the organization through policy, process, and procedure. The preparation is augmented through deepfake awareness training. By following this advice and using the measures recommended by OWASP, deepfake-enabled attacks can be prevented and the harmful results mitigated.

AI is here to stay, and organizations should leverage AI tools to enhance internal and external security while driving business growth. However, with the rise of deepfake threats, leaders must proactively address AI-driven risks. Keeping security strategies current is essential to safeguarding business continuity.

A critical component of this effort is ongoing security awareness training and phishing simulations. These initiatives ensure staff remain vigilant against cyber threats, significantly reducing the risk of dangerous clicks that could compromise sensitive data. Investing in comprehensive cybersecurity training and advanced security measures strengthens an organization’s defense against evolving digital threats.

Enhance cybersecurity by implementing comprehensive phishing simulation programs to proactively mitigate risks, bolster defense mechanisms, and educate users on spotting social engineering.

See TitanHQ Security Awareness Training in action.

Geraldine Hunt
