Contact Form Request Pricing Submit Feedback
Legal
Terms of Service Privacy Policy
Log In
Summary Threat Type Vulnerabilities Surface Matrix Motivations Kill Chain Recommendations Appendix
Print Report

Vitali Klitschko "Zishing" attack.

Submitted File

Threat actors impersonated Kiev Mayor Vitali Klitschko in video chat with several European mayors of major cities.

Threat Level

Low

Moderate

Elevated

High


Authenticity Spectrum

Real

Suspicious

Likely Fake

Fake



Deepfake Attack Profile

Credibility

High

The more synthetic media is perceived to be legitimate and authoritative, the content is more likely to be trusted, persuasive, and acted upon.

Interactivity

High

Synthetic media can range from non-interactive, not ongoing, or not consistent (low) to interactive, ongoing, and consistent (high).

Familiarity

High

Synthetic media can range from very recognizable and familiar (high) or hardly (or not) recognizable and familiar (low).

Evocation

Moderate

Synthetic media can range from evoking a significant affective response (high) to barely or not at all eliciting an affective reaction.

Distribution

Narrowcast

Synthetic media can range from broadcast to a wide human audience or technical security measures (high) to a narrow, specific human audience or tailored technical security measure (low).


Deepfake & Synthetic Media Analysis Framework (DSMAF) Assessment™. The media submitted for this Deepfake Threat Intelligence Report (DTIR) was assessed with the Psyber Labs Deepfake & Synthetic Media Analysis Framework (DSMAF)™, a set of psychological, sociological and affective influence factors and sub-facets, that when holistically applied, inform the motivations, intentions, and targeting process in synthetic media and deepfake propagation. The findings of each DSMAF factor is described in respective sections and graphically plotted on the Deepfake Risk Factor Radar. The combined DSMAF findings are given a Synthetic Media Threat Level (Low, Medium, Elevated, or High) for actionable awareness and risk mitigation.

Threat Type

Threat Type is the category of intended purpose and the risk proposed by the synthetic media or deepfake. Often, cyber deception efforts through deepfake content are multi-purpose, and a result, are categorized with multiple threat types.

Digital Impersonation for Disinformation

Deepfake technology intentionally using the likeness of famous and/or credible authorities in an effort to shape the behaviors, attitudes, beliefs and/or emotions of the target audience

Voice Heist

Voice Heists are a form of deepfake audio attack. In particular, it is the use of artificial intelligence to manipulate or create audio, cloning the voice(s) of legitimate individuals, often company executives. The voice clone is then used to trick companies, banks or other organizations to transfer funds to accounts controlled by the deepfake attacker.

Maskirovka

маскировка ("maskirovka") is the Russian doctrine and tactics of military denial & deception

Reflexive Control

Reflexive Control is a uniquely old Soviet Union (USSR)—and now Russian Federation—concept of a campaign that feeds an adversary select misdirecting information so that the adversary makes the decisions that Russia wants him/her to. Methods of reflexive control include spreading false information, leaking partial information at opportune moments, and projecting a different posture of Russia than what may actually be true. The goal of reflexive control is to ‘control’ the ‘reflex’ of the adversary by creating a certain model of behavior in the system it seeks to control.

Influence Operation

Influence operations, also known as information operations or psychological operations, are strategic approaches used to shape the perceptions, decisions, and behaviors of target audiences to achieve specific objectives.

Deception

Intentional strategy and tactics meant to mislead, misdirect and manipulate the perceptions of a target audience through simulation (showing the false) and/or dissimulation (hiding the real)

Zishing

Zishing, or Zoom-based phishing attacks, wherein a threat adversary (TA) uses deepfake technology to realistically emulate known, familiar or expected interactant(s) to deceive the victim on the video call to comply with requests in the interest of the TA.

Common Cognitive Vulnerabilities & Exposures™ (CCVE)

Common Cognitive Vulnerabilities & Exploits (CCVEs) are perceptual distortions, cognitive biases, heuristics misapplied, or any mental process that exposes a person to a potential manipulation by an adversary.

Confirmation Bias

Category: Cognitive Processing

The tendency to seek information that confirms or supports a predetermined position or conclusion.

Inattentional Blindness

Category: Perceptual Biases

It is a perceptual blindness (rarely called inattentive blindness) that occurs when an individual fails to perceive an unexpected stimulus in plain sight, purely as a result of a lack of attention rather than any vision defects or deficits.

Highlight Effect

Category: Perceptual Biases

A perceptual effect that hides or shows an element by animating its background color first.

Halo Effect

Category: Interpersonal Biases

In assessing other people, it is the tendency for a person’s positive trait to be generalized to possess other positive traits.

Commitment-Consistency

Category: Social Norm Vulnerabilities

Tendency to continue with a behavioral track once starting on that track. Can be exploited by obtaining target compliance with a small request, and later making a larger request.

Authority

Category: Social Norm Vulnerabilities

Tendency to comply with authority figures (usually legal or expert authorities). Exploitable by assuming the persona or impersonating an authority figure. 

Mere Exposure Effect

Category: Cognitive Processing

The Mere Exposure Effect is a cognitive bias where individuals show a preference for things they’re more familiar with. Repeated exposure to a stimulus increases liking and familiarity, even without conscious recognition.


Deepfake Attack Surface & Vectors

As part of the DSMAF criteria, Deepfake Attack Surface & Vectors assesses the intended target; the manner of control, or how the synthetic media is being presented to the target; and medium, or the type of synthetic media being presented to the intended target.


Intended Target

Both humans and automation may be targeted by synthetic media attacks. This criteria references whether the target of the attack was human or automation. The highlighted icon represents the intended target of this submitted media.


Human

Technical

Hybrid

Unknown



Control

A measure of if the attack was constructed by a human or by artificial intelligence. The highlighted icon represents the method of control of this submitted media.


Human

Automation

Hybrid

Unknown



Medium

The medium is the format of the content submitted. Highlighted items represent all of the various formats contained in the submitted content.


Text

Image

Video

Audio

Synthetic Media Exploitation Matrix

The Synthetic Media Exploitation Matrix Is a visual representation of the combined levels of attacker sophistication and maliciousness.

  • Sophistication is a judgment of the level of demonstrated technological prowess and capability involved in the attack.
  • Maliciousness is a conclusion regarding the degree to which the attack was deliberately intended to cause harm.

Sophistication

High

Technical complexity of the atttack.

Sophistication
Maliciousness

Chart Not Available on Printed Version

Maliciousness

High

How damaging the attack was intended to be.



Motivations

Motivations are the underlying activators, purposes or sustained reasons for why the deepfake threat actor sought to create and take the necessary steps to produce and disseminate synthetic media or deepfake content.

Injecting Chaos

Chaos injection is the intentional introduction of evocative material--which is often ambiguous and unresolved--to cause confusion and disorder.

Pacification

Leading the target audience to believe that something acceptable or benign is occurring to reduce vigilance.

Deception

Intentional strategy and tactics meant to mislead, misdirect and manipulate the perceptions of a target audience through simulation (showing the false) and/or dissimulation (hiding the real)

Influence

Intentional effort to shape the perceptions, decisions, and behaviors of target audiences to achieve specific objectives.

The Deepfake Kill Chain™

The Deepfake Kill Chain™ describes the various, distinct, sequential stages of deepfake media creation and dissemination. Understanding these stages, and the adversary’s efficacy in the respective stages not only reveals the adversary’s modus operandi and decision-making process, but when contrasted with the Deepfake & Synthetic Media Analysis Framework™, identifies and elucidates methods of preventing and defending against the adversary’s deepfake attacks.

Motivation

Motivation is the underlying activator, purpose or sustained reasons for why the deepfake threat actor wants to create nefarious synthetic media.

No case specific insights generated.

Targeting

Targeting is the threat actor’s intentional selection of a target audience, or the group or individual whom he is interested in impacting with his deepfake campaign.

No case specific insights generated.

Research and Reconnaissance

Research & Reconnaissance occurs when the threat actor is effortfully gathering information about the target audience, the optimal channels to conduct their campaign on, the relevant narratives for the attack, and type of content that will have the desired impact on the target audience.

No case specific insights generated.

Preparation and Planning

Preparation & Planning are the steps and processes that the threat actor takes to acquire the tools and content needed to create the deepfake media for their campaign and their deliberation for the execution of the campaign.

No case specific insights generated.

Production

Production is the threat actor’s use of tools and content for the creation and development of deepfake media for their attack campaign.

No case specific insights generated.

Narrative Testing

Narrative Testing. A narrative is a story, or an account of related events or experiences. A good narrative will have story coherence, such that both the story being told and its relationship to the real world are cohesive and clear. In deepfake campaigns, threat actors consider and evaluate the possible narratives—particularly in relation to events and context—to support the campaign in an effort to maximize the believability and efficacy of the attack.

No case specific insights generated.

Deployment

Deployment is the threat actor’s intentional transmission of deepfake content to the target audience through selected online channels.

No case specific insights generated.

Amplification

Amplification is the threat actor’s intentional efforts to maximize the visibility, virality and target audience exposure to their deepfake content.

No case specific insights generated.

Post-Campaign

Post-Campaign is the period after the target audience has received and been exposed to the deepfake content.

No case specific insights generated.



Cognitive Security Recommendations

This section identifies the steps and measures to prevent and defend against the synthetic media/deepfake content assessed in this DTIR. For a more detailed recommendation, training or consultation, connect with Psyber Labs.


Appendix

DTIR™ Version: 1.0

Submission Date (UTC): December 03, 2023 01:24

Assessment Date (UTC): February 07, 2024 18:10

SHA256 Hash: c38e7392bd88334a6825764f04801340582729441db45c906e79b93cf317f104

Source: https://www.worldboxingnews.net/2022/06/25/vitali-klitschko-deepfake-video-major/