iProov, the world’s leading provider of science-based biometric identity verification solutions, has revealed details of an active cybercriminal operation that has successfully infiltrated financial institutions worldwide by exploiting critical vulnerabilities in remote identity verification systems, signaling an unprecedented assault on the digital fortresses of global finance by a sinister wave of AI-powered cybercrime.
Their recent investigation has unearthed a sophisticated threat actor, codenamed “Grey Nickel,” actively targeting banks, cryptocurrency exchanges, e-wallets, and digital payment platforms across Asia-Pacific, EMEA, and North America.
The revelations from iProov’s Security Operations Center (iSOC) paint a grim picture: “Grey Nickel” isn’t merely opportunistic; it represents a highly coordinated, specialized operation. These cybercriminals are leveraging advanced deepfake technology and other injection techniques to bypass traditional remote identity verification systems, particularly those used in crucial Know Your Customer (KYC) processes.
“These criminal groups understand that banking, crypto exchanges, e-wallets, and digital payment platforms represent some of the highest-value targets for identity fraud,” explained Dr. Andrew Newell, Chief Scientific Officer of iProov. “It is important to understand that these aren’t opportunistic attacks; they represent highly coordinated, specialized operations that pose an existential threat to the digital transformation of banking.”
iProov advises organizations to use its spectrum of identity assurance methodology to determine the most suitable verification technologies, tailored to each use case, by evaluating the contextual knowledge of the individual and the risk of the activity with the organization’s risk appetite.
iProov sees legacy defenses crumbling against AI-powered cybercrime wave
According to iProov, the core of the problem lies in a growing “identity assurance gap.” The gap between the identity assurance that these technologies are able to provide and the identity assurance needed has become a profitable sweet spot for cybercriminals.
This, as many financial institutions have relied on liveness detection technologies primarily designed to counter simple “presentation attacks” – where a fraudster might hold up a photo or mask to a camera.
However, “Grey Nickel” and other emerging threats employ far more advanced, AI-fueled “digitally injected attacks” that easily slip through these older defenses. iProov’s investigation has peeled back the layers of this interconnected web of criminal activity, revealing several distinct, yet often collaborative, operations:
- Grey Nickel: The Masterminds of Manipulation: Active since July 2023, this group is the vanguard of sophisticated face-swap technology, metadata manipulation, and injection techniques. Their primary goal: to defeat single-frame liveness-based verification systems, turning a once-secure gateway into a profitable entry point for fraud.
- Advanced Virtual Camera Networks: Beyond Grey Nickel, other criminal groups are developing and distributing specialized mobile applications for both Android and iOS. These insidious apps allow fraudsters to inject pre-recorded or manipulated video feeds during identity verification, with some even boasting lip-syncing capabilities to fool voice-based challenges.
- Deepfake-as-a-Service Operations: The black market has evolved. Independent criminal actors are now offering “deepfake-as-a-service” models. These comprehensive packages combine stolen identity databases with AI-generated media to create convincing “synthetic identities,” enabling large-scale identity fraud against cryptocurrency exchanges and payment platforms.
- AI-Powered Fraud Tools Proliferation: The tools of the trade are becoming frighteningly accessible. Criminal forums are rife with techniques and tutorials on using commercially available AI platforms to generate highly convincing deepfake videos, specifically engineered to bypass less robust liveness technologies.
Escalating losses, data blind spots underscore need for global action
The financial ramifications of these AI-driven attacks are staggering. In 2024, a single deepfake scam cost a Hong Kong employee of a British multinational company a staggering US$25.6 million.
A recent Biocatch Report revealed that over half of surveyed organizations admitted to losing between $5 million and $25 million to AI-powered attacks in 2023 alone. Moreover, a United Nations report highlighted a more than 600% increase in mentions of deepfake-related content targeting criminal groups in Southeast Asia during the first half of 2024, underscoring the explosive growth of this threat.
Adding to the complexity is a glaring global challenge: the widespread lack of comprehensive and consistent data from financial institutions. Without mandatory incident reporting across jurisdictions, regulators struggle to accurately assess the true scale of these illicit activities, hindering effective policy and enforcement.
While the European Union is proactively exploring solutions like the high-assurance EU Digital Identity Wallet, many nations lag, creating global disparities that cybercriminals are quick to exploit.
According to iProov, the battle against “Grey Nickel” and its ilk demands urgent international cooperation and data sharing. “As AI continues to evolve, so too must our defenses,” it stated.
Financial institutions must rapidly move beyond outdated security measures and embrace a “spectrum of identity assurance” – a methodology that tailors verification technologies to the specific use case, considering both the contextual knowledge of the individual and the risk of the activity. Only then can we truly safeguard the integrity of our digital financial landscape from the sophisticated, ever-evolving threats lurking in the shadows of AI.
