VCaaS: how cybercriminals monetized people’s votes
Text-to-speech technology has become a new business on the dark web.
Cyber security experts Recorded Future warn of the growing interest of attackers in voice cloning services on the Internet (Voice Cloning-as-a-Service, VCaaS), which make it easier to cheat using deepfake technology.
By according to Recorded Future , more and more often ready-made voice cloning platforms appear on the darknet, which lower the entry threshold for cybercriminals. Some of them are free when you sign up for an account, while others cost only about $5 per month.
Among the topics of discussions found on the forums related to such tools, impersonation, callback scams and voice phishing are most often mentioned (vishing).
In some cases, cybercriminals misuse legitimate tools that are designed for audio book dubbing, film and TV dubbing, character dubbing, and advertising.
One popular option is ElevenLabs software. Prime Voice AI , a browser-based text-to-speech tool that allows users to upload their own voice samples for an additional fee. By making the tool available to customers for payment only, ElevenLabs has contributed to the growth in the use of the technology by cybercriminals on the dark web.
Recorded Future experts noted that ElevenLabs’ actions have led to an increase in attackers selling paid ElevenLabs accounts, as well as advertising VCaaS offerings. The new restrictions have opened the door to a new form of commercialized cybercrime that requires a layered approach.
Fortunately, many modern deepfake voice technologies are limited to being able to generate only one-time samples that cannot be used in extended real-time conversations. However, an industry-wide approach is needed to tackle the threat before it develops.
Therefore, according to experts, adopting a framework that informs employees, users and customers about threats will be more effective in the short term than combating the misuse of the technology itself, which should be a long-term strategic goal.