The iProov Biometric Threat Intelligence Report reveals the most recent attack trends on biometric verification systems and information on how they can be mitigated.
Based on press release information, digital identities have been increasingly leveraged following organisations’ and governments’ digital transformation projects’ evolution, as well as users’ demand for remote accessibility for everything, from creating a bank account to applying for government services. Looking to support this transformation, a multitude of organisations have adopted biometric face verification, as it has wide recognition for providing the most user-friendly, secure, and inclusive authentication solution.
However, as biometric face verification gains traction and is more widely adopted, threat actors are targeting all systems with sophisticated online attacks. In order to achieve both user-friendliness and security, organisations should evaluate the resilience of their biometric solutions in the face of these complex attacks.
Report findings highlight that digital injection attacks, where malicious actors bypass a camera feed to trick a system with either synthetic imagery or video recordings, have had a fivefold frequency increase in the online space throughout 2022 when compared to persistent presentation attacks, such as showing a photo or mask to a system.
This is believed to be caused by the ease with which they can be automated, as well as the rise in access to malware tools. As over three-quarters of malware available on the dark web is purchasable for less than USD 10 and there is an increase in malware-as-a-service and plug-and-play kits, only 2-3% of current threat actors are advanced coders.
Attacks that leverage deepfake technology have also increased in frequency in 2022. As per the announcement, the technology is debated and becoming mainstream and bans on its non-consensual use form an important part of the draft of the UK Online Safety Bill. Nowadays, cyber-attackers leverage it to create 3D videos that trick the systems into having the belief that the real consumer is aiming to authenticate.
What is more, in 2022 the use of novel face swaps arose, a new type of synthetic digital attack that combines existing video or live streams and superimposes another identity over the original feeds in real time. These attacks present challenges in being detected for both active and passive verification systems and following their emergence in H1 2022, novel face swaps increased by 295% in H2 2022.
The announcement details that motion-based attacks launched ‘en masse’ throughout the globe have occurred thrice a week, sending bursts of 100-200 verification attempts concomitantly to try and overwhelm platforms. The attacks targeted different systems simultaneously, irreverent of industry or geography, thus suggesting that no organisation is safe. Furthermore, motion-based verification systems that leverage motions such as smiling, nodding, and blinking, were frequently targeted.
As per press release information, the iProov Biometric Threat Intelligence 2023 report is informed by data from the iProov Security Operations Center (iSOC) and expert analysis.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now