Opinion: The Zelensky deepfake is a warning for Corporate America
Cybersecurity
CNN’s Daniel Dale breaks down two videos being spread online to claim the media is broadcasting footage of “crisis actors.” Neither video shows what pro-Russia social media accounts claim.
” data-duration=”03:29″ data-editable=”settings” data-headline=”These videos about the invasion have gone viral, but they are completely fabricated” data-index=”idx-0″ data-show-name=”” data-show-url=”” data-source=”CNN” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_e637f1cfe5f5b153304a2214e4c86bba-h_f1e7bd1ca06fa7b3937c86fd98a5bdb0-pageTop@published” data-video-id=”business/2022/03/09/fake-videos-spreading-misinformation-ukraine-orig-mh.cnn” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_e637f1cfe5f5b153304a2214e4c86bba-h_f1e7bd1ca06fa7b3937c86fd98a5bdb0-pageTop@published”>
Now playing
These videos about the invasion have gone viral, but they are completely fabricated
Lior Div, CEO of Cybereason, analyzes the escalation of cyberattacks against Americans amid the Russian invasion of Ukraine. Div explains how ransomware attacks may continue as sanctions on Russia become more effective.
” data-duration=”04:43″ data-editable=”settings” data-headline=”Cybersecurity CEO: ‘More targeted ransomware attacks’ by Russia coming” data-index=”idx-1″ data-show-name=”Quest Means Business” data-show-url=”https://www.cnn.com/shows/quest-means-business” data-source=”CNNBusiness” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_ee1d6d392c1817210fb19297cdcf9052″ data-video-id=”business/2022/03/22/cybersecurity-ceo-cyberattacks-russia-ukraine-invasion-qmb-vpx.cnnbusiness” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_ee1d6d392c1817210fb19297cdcf9052″>
Now playing
Cybersecurity CEO: ‘More targeted ransomware attacks’ by Russia coming
Hundreds of millions of devices are at risk due to a newly revealed software flaw, a senior Biden administration cyber official warned. CNN’s Alex Marquardt has more.
” data-duration=”02:18″ data-editable=”settings” data-headline=”How your device could be at risk of ‘one of the most serious’ cyber security threats” data-index=”idx-2″ data-show-name=”Newsroom” data-show-url=”https://www.cnn.com/shows/newsroom” data-source=”CNN” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_baa2aceb0cf149fecd24239a75e77bc9″ data-video-id=”tech/2021/12/14/us-cyber-warning-software-vulnerability-marquardt-nr-vpx.cnn” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_baa2aceb0cf149fecd24239a75e77bc9″>
Now playing
How your device could be at risk of ‘one of the most serious’ cyber security threats
Vasu Jakkal, Microsoft’s VP of security, compliance and identity marketing, discusses a new option for users allowing them to ditch their password.
” data-duration=”03:23″ data-editable=”settings” data-headline=”Microsoft’s VP of Security: The future is paswordless” data-index=”idx-3″ data-show-name=”” data-show-url=”” data-source=”CNNBusiness” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_39ffc6f505f6334d45c276f879b98502″ data-video-id=”business/2021/09/17/microsoft-passwordless-accounts.cnnbusiness” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_39ffc6f505f6334d45c276f879b98502″>
Now playing
Microsoft’s VP of Security: The future is paswordless
SolarWinds CEO Sudhakar Ramakrishna tells CNN’s Julia Chatterley what the company has done to enhance security against hacks.
” data-duration=”03:29″ data-editable=”settings” data-headline=”SolarWinds CEO: Cyber threats need community vigilance” data-index=”idx-4″ data-show-name=”” data-show-url=”” data-source=”CNNBusinesss” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_2992bef8cc77c24b50f62bbd8f2151fe” data-video-id=”business/2021/08/03/solarwinds-ceo-cybersecurity-hacks.cnnbusinesss” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_2992bef8cc77c24b50f62bbd8f2151fe”>
Now playing
SolarWinds CEO: Cyber threats need community vigilance
Ransomware attacks are on the rise with an estimated $350 million paid out in ransom in 2020. Here’s everything you need to know and how to prepare yourself if you’re targeted next.
” data-duration=”04:04″ data-editable=”settings” data-headline=”Here’s everything you need to know about ransomware” data-index=”idx-5″ data-show-name=”” data-show-url=”” data-source=”CNN Business” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_1ea1e826320bb3868460e219187f1b0b” data-video-id=”business/2021/07/13/ransomware-attack-evg-explainer-jg-orig.cnn-business” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_1ea1e826320bb3868460e219187f1b0b”>
Now playing
Here’s everything you need to know about ransomware
Microsoft is urging Windows users to immediately install an update after security researchers found a serious vulnerability in the operating system.
” data-duration=”00:53″ data-editable=”settings” data-headline=”Microsoft urges Windows users to install update” data-index=”idx-6″ data-show-name=”” data-show-url=”” data-source=”CNN” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_b6909c4ab6eceae03596361502ab9175″ data-video-id=”business/2021/07/07/microsoft-security-update.cnn” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_b6909c4ab6eceae03596361502ab9175″>
Now playing
Microsoft urges Windows users to install update
Software vendor Kaseya says that between 800 and 1,500 businesses have been compromised by the recent ransomware attack. CNN’s Clare Sebastian reports.
” data-duration=”01:41″ data-editable=”settings” data-headline=”Kaseya: The massive ransomware attack compromised up to 1,500 businesses” data-index=”idx-7″ data-show-name=”” data-show-url=”” data-source=”CNNBusiness” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_900892f22e9e1f595cfc95304e5545fb” data-video-id=”business/2021/07/06/kaseya-ransomware-attack-businesses-affected-vpx.cnnbusiness” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_900892f22e9e1f595cfc95304e5545fb”>
Now playing
Kaseya: The massive ransomware attack compromised up to 1,500 businesses
FireEye CEO Kevin Mandia talks with CNN’s Julia Chatterley about the acceleration of cybercrime and the risks of paying ransoms.
” data-duration=”06:43″ data-editable=”settings” data-headline=”FireEye CEO: Digital currency enables cybercrime” data-index=”idx-8″ data-show-name=”” data-show-url=”” data-source=”CNNBusiness” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_507fe4674085b0e6dbc9a51569c014d2″ data-video-id=”business/2021/06/10/fireeye-ceo-cybersecurity-ransomware.cnnbusiness” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_507fe4674085b0e6dbc9a51569c014d2″>
Now playing
FireEye CEO: Digital currency enables cybercrime
As we moved online in the pandemic, crime moved with us. In the European Union last year, new figures obtained by CNN show significant cyberattacks doubled. CNN’s Nick Paton Walsh reports.
” data-duration=”03:18″ data-editable=”settings” data-headline=”See how cybersecurity experts trace ransom payments” data-index=”idx-9″ data-show-name=”” data-show-url=”” data-source=”CNN” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_595980d32ac7f9f240f949f05f8bd022″ data-video-id=”business/2021/06/10/cyberattack-europe-pandemic-elliptic-nick-paton-walsh-pkg-intl-hnk-vpx.cnn” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_595980d32ac7f9f240f949f05f8bd022″>
Now playing
See how cybersecurity experts trace ransom payments
The White House has issued a rare open letter to companies calling on them to treat the threat of ransomware attacks with greater urgency, following back-to-back attacks by Russian hackers on key oil and food processing companies. CNN’s Alex Marquardt reports.
” data-duration=”02:42″ data-editable=”settings” data-headline=”White House urges companies to take cyberattack threat more seriously” data-index=”idx-10″ data-show-name=”The Lead” data-show-url=”https://www.cnn.com/shows/the-lead” data-source=”CNN” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_34accea748261683e8dcf8c8487f28ca” data-video-id=”business/2021/06/03/companies-ransomware-white-house-marquardt-dnt-vpx.cnn” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_34accea748261683e8dcf8c8487f28ca”>
Now playing
White House urges companies to take cyberattack threat more seriously
FireEye’s John Hultquist says ransomware is putting companies “in an impossible position” and that the government needs to step-up in order to deal with the threat.
” data-duration=”01:47″ data-editable=”settings” data-headline=”Cybersecurity expert: Defense isn’t perfect in this game” data-index=”idx-11″ data-show-name=”” data-show-url=”” data-source=”CNNBusinses” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_447fbee4bf1eb5d10877770442e7dda2″ data-video-id=”business/2021/06/03/cybersecurity-ransomware-companies-fireeye.cnnbusinses” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_447fbee4bf1eb5d10877770442e7dda2″>
Now playing
Cybersecurity expert: Defense isn’t perfect in this game
Arvind Krishna, CEO of IBM, tells CNN’s Julia Chatterley that a NASA-style public/private partnership is needed to improve cyber resilience.
” data-duration=”02:47″ data-editable=”settings” data-headline=”IBM CEO: Cybersecurity needs to be a collective effort led by government” data-index=”idx-12″ data-show-name=”” data-show-url=”” data-source=”CNNBusiness” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_40a1799a3bb940fd1cc56a9f9e05ca2b” data-video-id=”business/2021/05/11/ibm-ceo-cybersecurity.cnnbusiness” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_40a1799a3bb940fd1cc56a9f9e05ca2b”>
Now playing
IBM CEO: Cybersecurity needs to be a collective effort led by government
Rob Ross lost his life savings when a hacker tricked his cell phone provider into an illegal SIM swap. Here’s how you can protect yourself.
” data-duration=”05:14″ data-editable=”settings” data-headline=”A hacker stole $1 million from him by tricking his cell phone provider” data-index=”idx-13″ data-show-name=”” data-show-url=”” data-source=”CNN” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_c3aeec6817140c2968ac97daf65408df” data-video-id=”business/2020/03/12/sim-swap-hacker-stole-one-million-sg-orig.cnn” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_c3aeec6817140c2968ac97daf65408df”>
Now playing
A hacker stole $1 million from him by tricking his cell phone provider
CNN tech reporter Donie O’Sullivan thought he was being safe on social media. Watch social engineer & SocialProof Security CEO Rachel Tobac prove him very, very wrong.
” data-duration=”04:35″ data-editable=”settings” data-headline=”I report on technology. And I got hacked.” data-index=”idx-14″ data-show-name=”” data-show-url=”” data-source=”CNN Business” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_40c3df533f82845d727149cc39fd3a77″ data-video-id=”business/2019/10/17/hacked-tech-reporter-social-engineer-orig.cnn-business” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_40c3df533f82845d727149cc39fd3a77″>
Now playing
I report on technology. And I got hacked.
In 2017, credit-reporting company Equifax disclosed it had experienced a major data breach, affecting up to 143 million people. The company joined Yahoo, Myspace, Target, LinkedIn and more on the list of largest data breaches in history.
” data-duration=”01:43″ data-editable=”settings” data-headline=”5 of the biggest data breaches” data-index=”idx-15″ data-show-name=”” data-show-url=”” data-source=”CNN Business” data-uri=”archive.cms.cnn.com/_components/video-resource/instances/h_050f90e18b9656c9f88f76da3e2fd417″ data-video-id=”business/2018/09/25/biggest-data-breaches-equifax-orig.cnn-business” data-video-instance=”archive.cms.cnn.com/_components/video-resource/instances/h_050f90e18b9656c9f88f76da3e2fd417″>
Now playing
5 of the biggest data breaches
Editor’s Note: Matthew F. Ferraro is a former intelligence officer, a counsel at WilmerHale, a term member of the Council on Foreign Relations and a senior fellow at the National Security Institute at George Mason University. The opinions expressed in this commentary are his own.
Last month, a false video circulated online that seemed to show Ukrainian President Volodymyr Zelensky telling his soldiers to surrender to the Russian invasion. The video — a mediocre lip-sync of Zelensky’s face and voice — was the product of artificial intelligence manipulation, commonly known as a deepfake. It is unclear who made the deepfake, but the Ukrainian government had been warning for weeks that Russia may push manipulated media.
The video quickly spread on social media. Zelensky promptly responded with a video of his own from the streets of Kyiv, proclaiming that he will continue to defend Ukraine, and that the country’s citizens will only lay down their arms when they are victorious against Russia. And, the same day, major social media companies removed the deepfake for violating their policies on misinformation and manipulated media.
The Zelensky deepfake failed to unleash confusion and mayhem, as seems to have been the intention. As Sam Gregory, the program director for the human rights group WITNESS, observed, it was a “best-case scenario” for a situation like this. The Ukrainian government had engaged in extensive “prebunking” — warning of possible manipulated videos before they emerged. The deepfake itself was of poor quality. A credible person (Zelensky) quickly rebutted the deepfake’s message to his millions of social media followers. And the deepfake clearly violated social media platform policies against manipulated content, allowing the deepfake to be removed, Gregory said.
The ease with which deepfakes are made and distributed illuminates a growing risk not only to governments, but also to the private sector — where the use of believable manipulated media could be used to confuse customers, partners and employees and damage corporate brands and valuations. But the experience of the Zelensky deepfake provides some clues for what businesses can do to meet the threat.
Consider how falsified media could harm businesses. For example, an “undercover” video of a CEO seeming to use a racial epithet could circulate on the eve of a major product launch, torching the leader’s reputation and throwing the launch into doubt. Or the leaders of two competitors could appear in a video shaking hands to announce a (nonexistent) merger, goosing stocks to the benefit of anyone prepared for the jump. And, with many employees continuing to work remotely, a falsified video of a chief information security officer or chief financial officer could trick unsuspecting employees into providing IT credentials to an outsider or wiring funds to a thief, in a kind of cyber-impersonation campaign that the FBI calls “business identity compromise.”
The deepfakes could be spread by any number of bad actors, from industry competitors to disgruntled former employees, from trolls motivated by spite to profiteers seeking a payday through fraud, to foreign states that see strategic advantage in damaging the business community.
What can Corporate America do in response?
First, much as President Zelensky and his government removed the deepfake’s sting by warning ahead of time about the prospect of manipulated media, the C-suite should prepare employees for growing cyber threats, and deepfakes, in particular. They should revise their cyber incident response plans so that the entire company understands how to identify and respond to disinformation and deceptive media if it arises. That way, employees are less likely to be tricked into abetting fraud.
Companies should also consider integrating technology into corporate videos that reduces the likelihood that media can later be covertly manipulated. This is called image provenance, and it relies on blockchain technology to provide verifiable signatures that media has not been unknowingly altered. In the event a suspected deepfake of an executive appears, viewers could check metadata to see if the media was tampered with.
Second, Zelensky benefited from having both a massive online megaphone and an established, authentic voice. A video announcing surrender simply didn’t seem like something he would say. While business leaders may not be able to command as substantial a following as a heroic wartime leader, they should maintain verified presences on social media platforms, develop a genuine voice, and frequently communicate, at least, to key customers, partners and shareholders. They can reduce the power of a potential fake by establishing a real persona.
Third, if a deepfake targeting a company circulates, the business should move quickly to respond to it with legitimate content. The company should also work with its lawyers and with social media platforms to have the deepfake removed if it violates their policies, and partner with allies trusted by the public (like business titans, former government officials or celebrities) who can validate and amplify the business’s rebuttal.
The growing popularity of deepfakes and the ingenuity of bad actors who adapt old swindles to new technology make it imperative that the corporate world prepares for these burgeoning risks.
Source: https://www.cnn.com/2022/04/01/perspectives/zelensky-deepfake-disinformation-businesses/index.html