iProov publishes on the extensive scale of attack trends in its new report

Following this launch, the new Identity Verification Threat Intelligence Report unveils the extensive scale of attack trends leveraging readily available capabilities and sophisticated tactics against organisations relying on identity verification in order to secure system access and high-value transactions. In particular, the launch also showed that the Native Virtual Camera and Face Swap attacks had a big increase across the market recently. 

Included in the key findings and trends are Native Virtual Camera attacks that have become the primary threat vector, increasing by 2665% due partly to mainstream app store infiltration, Face Swap attacks that surged 300% compared to 2023, with threat actors shifting focus to systems using liveness detection protocols, as well as online crime-as-a-service ecosystem that grew, with nearly 24,000 users now selling attack technologies, and Image-to-video conversion emerging as a new synthetic identity attack vector with a simple, two-step process that could impact many liveness detection solutions already in the market.

More information on the Identity Verification Threat Intelligence Report

iProov’s report underscores an overall move towards long-term fraud strategies, with threat actors embedding stolen, bought, and synthetically derived identities into the fabric of everyday online identity access points. At the same time, some of the most insidious attacks use sleeper tactics, with code that remains dormant for extended periods of time, quietly prepared to wreak havoc on networks. In contrast, other criminals are currently replicating attacks faster than ever, focusing on launching parallel operations across different sectors and expanding their reach into remote work systems and corporate communications.

The scale of attacks against remote identity verification is vast, with iProov’s report identifying an overall growth analysed across multiple vectors and an increased focus on high-value corporate targets. Among the findings, the report cites that over 115.000 potential attack combinations are possible. Furthermore, an included simulation illustrated the multiplier effect of combining three of the most notorious attack tools, emphasising the severe potential for widespread damage.

In addition, static, point-in-time security measures, a collective false sense of security, and human error, exemplified by the fact that just 0.1% of participants could reliably distinguish real from fake content, underscores the limitations of current defenses. With this in mind, the report further emphasised that standard detection and containment protocols are not evolving as quickly as the threats, leaving companies and institutions vulnerable for extended periods. At the same time, it also stressed the overall importance of successful identity verification systems having real-time monitoring, as well as automating processes working with human analysts and continual remediation. wo