The growth of AI-based technology has presented new challenges for remote identity verification systems, as reported by iProov. The advancement of innovative tools has empowered threat actors to rapidly evolve, leading to an increase in the number of potential attack vectors due to novel methodologies.
While the focus has predominantly been on consumer identity fraud, the most significant and costly attacks in 2024 targeted workforce remote identity verification systems. This shift towards corporate targets highlights a troubling trend where threat actors exploit remote work processes and corporate communication channels to maximize their impact.
By targeting remote hiring processes, virtual workplace communications, and executive video conferences, attackers have been able to achieve higher payouts compared to traditional consumer fraud. This shift from individual to organizational targets exposes a critical gap in workforce identity verification that current corporate security frameworks are struggling to address effectively.
Key trends in remote identity verification system attacks include the evolution of native camera attacks, which saw a 2665% increase in 2024, partly due to mainstream app store infiltration. Face swap attacks also surged by 300% compared to the previous year, with threat actors focusing on systems utilizing liveness detection protocols. Additionally, new threat actor groups emerged in 2024, contributing to the growth of the online crime-as-a-service ecosystem.
The report from iProov highlights the transformation of simple, lone-wolf attacks into a complex marketplace involving multiple actors. There is a shift towards long-term fraud strategies, with threat actors integrating stolen, bought, and synthetically derived identities into various online identity access points. Some attacks utilize sleeper tactics, lying dormant until they are activated to cause disruption, while others replicate attacks at a rapid pace across different sectors and platforms.
Dr. Andrew Newell, Chief Scientific Officer at iProov, emphasized the threat posed by the commoditization and commercialization of deepfakes, making them accessible to low-skilled actors with minimal technical expertise. The report also underscores the exponential growth of attacks against remote identity verification, with a focus on high-value corporate targets and the identification of over 115,000 potential attack combinations.
Synthetic identity fraud (SIF) is identified as the fastest-growing type of fraud, combining legitimate data with fabricated information to create convincing false identities. SIF poses a significant challenge for traditional fraud detection systems, as it can evade detection by incorporating both real and fake elements into new identities.
As offensive tools continue to proliferate, security measures are struggling to keep pace with evolving threats. The limitations of current defenses, coupled with the inability of human observers to distinguish real from fake content, underscore the need for continuous monitoring, rapid adaptation, and proactive detection of novel attack patterns.
Organizations face severe financial losses from fraud, with identity theft costing over $10 billion in 2023. The future of identity verification lies in a multi-layered, dynamic strategy that can adapt to the evolving threat landscape and safeguard against fraudulent activities.