It’s official – the US is losing the battle against cybercrime. The first quarter of this year has seen 841 publicly reported data compromises – a 90 percent increase compared to 442 compromises in Q1 2023.
According to the Identity Theft Resource Center (ITRC), the picture may be even grimmer than these bald statistics suggest. Year-on-year, the number of cyberattack-related data breach notices without information about the root cause of the attack leapt from 166 in Q1 2023 to 439 in Q1 2024. This represents a staggering rise of 265 percent in unsolved data breaches.
The number of victims drops, but remains far too high
The supposed good news in the ITRC’s latest figures, released yesterday, is that the number of victims dropped 72 percent year-on-year from 100,686,535 in Q1 2023 to only 28,596,892 in Q1 2024. This also represents an 81 percent drop from the previous quarter, which recorded 252,679 data compromise victims across the US. But the ITRC admits that this could be the result of cybercriminals employing increasingly sophisticated techniques in order to execute more precise attacks.
“The decrease in victims impacted is a bit of good news, though still too high…We believe it is due to identity criminals launching more targeted attacks, which differ from tactics used five to ten years ago,” says ITRC President and CEO Eva Velasquez.
Deepfake videos target key individuals
Among the increasingly sophisticated threat vectors previously highlighted by the ITRC is the growth of deepfake porn videos, which are now being used to blackmail private individuals, some of whom may hold key posts at organizations targeted by cybercriminals.
The ITRC quotes a well-known example of a deepfake of former President Barack Obama portraying him using profane language while appearing to look directly into a camera for an interview, something he claims he never recorded. It also outlines the growing problem of sophisticated deepfake technology now being in the hands of organized cybercriminals.
“While those celebrity sex tapes and the Obama video got a lot of attention, the bigger concern is what happens when it is not a famous person and not obvious the video is fake? What happens when it is an executive within your company sending a video message over a messaging platform, telling you to change account numbers or passwords?” asks the ITRC.
The iProov Threat Intelligence Report 2024: The Impact of Generative AI on Remote Identity Verification also recently reported a staggering increase of 704 percent in face-swap injection attacks during the second half of 2023. IProov also reported that 47 percent of the deepfake gangs were formed during 2023, when indiscriminate attacks each month ranged from 50,000 to 100,000. The most common face swap tools currently being used by cybercriminal groups are SwapFace, DeepFaceLive, and Swapstream.
