Deepfake Cyber Security Threats

A deepfake is any type of computer-generated digital media that purports to be real: it’s also, in 2025, big business. The deepfake market is estimated to be worth $1.9 billion within the next 5 years, with over 95% of these manipulated videos fueling scams, misinformation, and privacy violations.

CTA1 AI Security Report

Deepfake Cyber Security Threats

What is Deepfake

A deepfake is a piece of synthetic media such as video, audio recording, or image, that has been digitally manipulated using AI to convincingly mimic real people, actions, or speech.

The term is a portmanteau of “deep learning” and “fake,” referencing the neural networks that power the technology. Unlike traditional editing, deepfakes are generated by training AI models on real data, such as voice recordings, photos, or video frames to fabricate hyper-realistic content that can be nearly impossible to distinguish from reality.  As the tech becomes more accessible, the line between authentic and artificial content is rapidly blurring, introducing serious ethical, social, and AI security concerns.

How are Deepfakes Created?

Deepfake scams are a byproduct of the massive leaps forward in machine learning techniques.

Autoencoders and Generative Adversarial Networks (GANs) are the two technologies that, collectively, allow for text prompts to be turned into realistic synthetic media.

Autoencoder

An Autoencoder is a type of neural network designed to learn efficient representations of data. It consists of two parts:

  • An encoder that compresses input data (like an image of a face) into a simpler representation
  • A decoder that reconstructs the original input from this compressed form.

In deepfake technology, autoencoders are typically trained on two individuals – one for the source face and one for the target. The encoder learns to extract facial features, and two separate decoders learn how to reconstruct each individual’s face.

By mixing the encoder for the source with the decoder of the target, it’s possible to generate a realistic image of the target person.

Generative Adversarial Network (GAN)

A GAN consists of two individual networks:

  • A generator, which uses an autoencoder to create images and fake videos that look real
  • A discriminator, which evaluates whether the output images or videos are real ones or fake.

These two networks train together in a competitive loop: as the generator improves its fakes, the discriminator gets better at spotting them. Eventually, the generator becomes so good that the discriminator can no longer reliably tell the difference between genuine and fake images.

Neither can the audience, or many deepfake detection methods or tools.

What Threats Do Deepfakes Pose?

While impressive from a technological perspective, real-world examples of artificial intelligence deepfake threats are far more sinister. Public debate on its ethics first hit the headlines in 2018, in which US Senator Marco Rubio voiced concerns about deepfakes being used to influence elections.

This was in the wake of the high-profile Russian troll farm investigation, which saw widespread and sustained attempts to influence the 2016 US election via social media platforms.

Deepfakes threatened to be a source of even further synthetic media attacks.

However, 9 years on, the fear of AI-generated posts influencing elections have yet to materialize: instead, deepfakes are being used in far more financially-motivated forms, leveraged at generally individual, highly-researched victims.

As the technology powering deepfakes has become both more capable and accessible, a key type of harm is social engineering.

社會工程

Social engineering includes any form of manipulation of a victim into divulging confidential information or acting in a way that compromises security.

Realistic AI-generated audio or video amplify social engineering attempts by making deception more convincing. Deepfake corporate fraud started to materialize in early 2024, as a finance employee at a multinational company was tricked into transferring $25 million to the attackers after attending a Zoom meeting.

After this meeting, the employee learnt that all participants of this call, including the firm’s chief financial officer, were actually deepfakes.

音頻

Audio is an increasingly large focal point for today’s attackers, thanks to publicly available tools like ElevenLabs and the Retrieval-based Voice Conversion (RVC) algorithm.

This allows attackers to produce believable audio from as little as ten minutes of recorded speech – taken from any publicly available voice samples such as social media and professional webinars. As a result, attackers are able to leverage far deeper exploitation methods against a wider pool of potential victims.

How Can Deepfake Attacks Be Prevented?

Since deepfakes are a major component to social engineering, prevention needs to focus on the employee. The two key components to this are:

  • Processes
  • Personal training

Internal communication protocols must be resilient, and keep employees on the right track as they handle sensitive workflows. This means verification such as multi-factor authentication is necessary for any communication involving financial transactions or strategic directives.

Even better is a solution that monitors the legitimacy of inbound communications across not just email, but also phone calls and video meetings.

員工培訓

More important than solutions alone are the employees themselves: even those supported by concrete workflows need the skills to spot illicit communications.

Staff across all departments should be trained to understand what deepfakes are, how they are created, and the tactics commonly used in deception-based scams. By fostering a culture of skepticism, where unusual requests are verified regardless of the apparent source, organizations significantly reduce their susceptibility to deepfake-based attacks.

Rapid Response Plan

Finally, organizations must prepare for the possibility of a successful attack by establishing a rapid response plan.

The response framework must detail each member of the security team’s responsibility, alongside highlighting which media and legal teams need to be contacted; while this plan will hopefully never be needed, the faster an organization can respond, the better its long-term post-attack outlook.

See What Other Threats Are in Store

As an industry-leading security provider, Check Point offers cutting-edge intelligence into how deepfakes are being used in real-life attacks. Check Point’s darkweb intel lends it immediate insight into the job advertisements on illicit forums that are explicitly seeking AI developers for phone-based scams, or how attackers are purchasing AI-based call systems to call potential victims and obtain one-time password, in order to bypass otherwise secure multi-factor authentication.

Check Point doesn’t just collect this information, but actively implements it into its suite of security solutions. Manually extracting the tactics, techniques, and procedures (TTPs) for threat-hunting can be slow and labor-intensive.

Check Point accelerates this with AI, streamlining this process with automatic detection and alignment with their corresponding MITRE ATT&CK patterns.

Whether it’s automatically updating firewall analytics to block deepfake phishing websites, or flagging an email for social engineering before the user sees it, Check Point leverages AI for rapid security integration. The end result is a drastic reduction in the time to detect and respond to today’s threats and malware.

Explore the Check Point 2025 AI Security Report in full, and start gleaning first-hand insight into threats facing your organization.