The ever-growing boom in AI-based tools is increasingly attracting cybercriminals. Experts have observed an increase in the availability of Voice Cloning-as-a-Service (VCaaS) offerings, which power deepfake frauds. These tools and services are capable of spreading misinformation in highly effective ways and can defeat voice-based MFA systems easily.
Impersonating celebrity voices
Recorded Future researchers have revealed that several attackers are offering out-of-the-box voice cloning platforms, thus, helping other cyber criminals carry out attacks effectively without any sound technical know-how.
- These voice-cloning tools are often intended to create fake voices of popular celebrities, politicians, and other influencers. These fake audio recordings can be used to spread disinformation or to carry out social engineering fraud.
- Some of these automated voice cloning platforms are being offered for free, while others cost a minimal amount of money.
Abusing legitimate tools
Attackers have been spotted selling legitimate tools as a means of carrying out voice-phishing attacks, celebrity impersonation, and call-back scams.
- In some cases, they use genuine tools used for book voiceovers, audio dubbing for movies and television shows, and voiceover tools for advertisements.
- One popular voice cloning platform is Prime Voice, a browser-based text-to-speech software developed by ElevenLabs. The genuine tool allows users to upload custom voice samples with a minimal premium charge.
- However, it is being sold on the dark web for a much lower price, thus attracting criminals interested in voice-based scams.
Overcoming limitations
- Notably, genuine tools don’t offer one-time samples or limited-time-based voice-over, thus, restricting the number of attempts by criminals.
- However, some criminals have been observed developing and monetizing their own voice cloning services, resulting in the creation of a VCaaS ecosystem in the underground world.
Concluding notes
While AI-based automation tools are still in the infancy stage, appropriate risk mitigation strategies must be put in place to counter the threats associated with them. According to experts, the best defense is to educate users, customers, and employees about these emerging attack tactics.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/5655_shutterstock_2111740181.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/0826_shutterstock_1124941190.jpg)
