"Experts Warn of Voice Cloning-as-a-Service"

Security researchers at Recorded Future warn that threat actors are gaining significant interest in voice cloning-as-a-service (VCaaS) offerings on the dark web, designed to streamline deepfake-based fraud.  The researchers noted that deepfake audio technology can mimic the voice of a target to bypass multi-factor authentication, spread disinformation, and enhance the effectiveness of social engineering in business email compromise (BEC)-style attacks, among other things.  The researchers warned that, increasingly, out-of-the-box voice cloning platforms are available on the dark web, lowering the bar to entry for cybercriminals.  Some are free to use with a registered account, while others cost little more than $5 per month.  The researchers noted that in some cases, cybercriminals are abusing legitimate tools such as those intended for use in audio book voiceovers, film and television dubbing, voice acting, and advertising.  One popular option is ElevenLabs’ Prime Voice AI software, a browser-based text-to-speech tool that allows users to upload custom voice samples for a premium charge.  The researchers noted that the company had restricted the use of the tool to paid customers, which has led to an increase in references to threat actors selling paid accounts to ElevenLabs as well as advertising VCaaS offerings.  The researchers stated that, fortunately, many current deepfake voice technologies are limited in generating only one-time samples that cannot be used in real-time extended conversations.  However, the researchers argued that an industry-wide approach is needed to tackle the threat before it escalates.

Infosecurity reports: "Experts Warn of Voice Cloning-as-a-Service"