Crime-as-a-Service Networks Drive Explosive Surge in Digital Injection Attacks with Native Virtual Camera, Face Swap, and Synthetic Identity Technologies

iProov, the world's leading provider of science-based biometric identity verification solutions, released its annual Threat Intelligence Report 2025 today. Based on iProov’s live observations of criminal activity worldwide, it unveils the extensive scale of attack trends using readily available capabilities and sophisticated tactics against organizations relying on identity verification to secure system access and high-value transactions. In particular, the report shows a skyrocketing increase in Native Virtual Camera and Face Swap attacks.

Key Findings and Trends

  • Native Virtual Camera attacks have become the primary threat vector, increasing by 2665% due partly to mainstream app store infiltration.
  • Face Swap attacks surged 300% compared to 2023, with threat actors shifting focus to systems using liveness detection protocols.
  • The online crime-as-a-service ecosystem grew, with nearly 24,000 users now selling attack technologies.
  • Image-to-video conversion emerged as a new synthetic identity attack vector with a simple, two-step process that could impact many liveness detection solutions already in the market.

Seismic Shift in Attack Sophistication and Proliferation

Simple, lone-wolf attacks have evolved into a complex, multi-actor marketplace. iProov’s report underscores a move towards long-term fraud strategies, with threat actors embedding stolen, bought, and synthetically derived identities into the fabric of everyday online identity access points. Some of the most insidious attacks use sleeper tactics: code that remains dormant for extended periods of time, quietly prepared to wreak havoc on networks. In contrast, other criminals are replicating attacks faster than ever, launching parallel operations across different sectors and expanding their reach into remote work systems and corporate communications.

"The commoditization and commercialization of deepfakes, for instance, pose a significant threat to organizations and individuals,” said Dr. Andrew Newell, Chief Scientific Officer at iProov. “What was once the domain of high-skilled actors has been transformed by an accessible marketplace of tools and services that low-skilled actors can now use with minimal technical expertise for maximum results.”

The scale of attacks against remote identity verification is vast, with iProov identifying exponential growth analyzed across multiple vectors and an increased focus on high-value corporate targets. Among the findings, the report cites that over 115,000 potential attack combinations are possible. An included simulation illustrates the multiplier effect of combining three of the most notorious attack tools, emphasizing the severe potential for widespread damage.

The Challenge for Traditional Security Frameworks

"As the rapid proliferation of offensive tools continues to accelerate, security measures are struggling to keep up,” said Dr. Newell. “We are moving to a world where the authenticity of digital media is becoming impossible to establish by the human eye, making this a problem not just for traditional targets but for any organization or individual that relies upon the authenticity of digital media to establish trust.”

Static, point-in-time security measures, a collective false sense of security, and human error, exemplified by the fact that just 0.1% of participants in a recent iProov study could reliably distinguish real from fake content, underscores the limitations of current defenses. The report further emphasizes that standard detection and containment protocols are not evolving as quickly as the threats, leaving organizations vulnerable for extended periods.

"Relying on outdated security measures is like leaving the front door open to fraudsters," said Dr. Newell. "Success requires continuous monitoring, rapid adaptation capabilities, and the ability to detect and respond to novel attack patterns before they can be widely exploited."

Financial Impact and the Need for Adaptive Solutions

Fraud against individuals is significant, and for organizations, it can lead to severe financial losses. According to the Federal Trade Commission’s Consumer Sentinel Network, over $10 billion was lost to identity theft in 2023, with notable settlement costs for organizations exceeding $350 million per breach.

The future of fast, efficient, and proven identity verification lies not in a single technology or approach but in a multi-layered, dynamic strategy. The report stresses the importance of successful identity verification systems having real-time monitoring, automation working with human analysis, and continual and fast remediation.

Report Methodology and the Road Ahead

The annual iProov Threat Intelligence Report 2025 draws data from its iProov Security Operations Center (iSOC), combining real-time threat detection, external threat intelligence, dark web monitoring, red team penetration testing, and biometric security research. In addition to a comprehensive timeline of identity deception trends from 2014 to 2024, the report highlights three critical factors: rapid technological advancements, the rise of attack marketplaces, and the transition from theoretical threats to documented financial crimes. The report also focuses on emerging threats to watch for in 2025.

Despite these evolving threats, iProov's biometric solutions remain resilient. The company's patented Flashmark technology and iSOC provide robust defenses against deepfakes, presentation attacks, and other sophisticated fraud techniques.

Download the Report

To download the full report and learn more about the latest trends in identity verification threats and mitigation strategies, please visit our website here.

Webinar

iProov is holding a webinar on 27 February 2024 to discuss the report findings in more detail. To sign up, click here.

About iProov

iProov provides science-based biometric identity solutions that combine exceptional user experiences with the highest levels of assurance. The company's Biometric Solutions Suite enables secure and effortless remote onboarding and authentication, streamlining digital and physical access experiences. Backed by a unique blend of scientific expertise, AI, and proactive threat intelligence, iProov safeguards high-value transactions and empowers organizations seeking innovative identity verification that outpaces evolving threats without compromising usability. With proven success in global deployments, iProov is a trusted partner for governments and enterprises, including the Australian Taxation Office, GovTech Singapore, ING, Rabobank, UBS, U.K. Home Office, UK National Health Service (NHS), and the U.S. Department of Homeland Security. In December 2023, Gartner listed iProov as a representative vendor in the Innovation Insight report for Biometric Authentication. Acuity Market Intelligence listed it as a Luminary in the 2023 Biometric Digital Identity Prism. iProov was also recognized as an Innovation Leader by industry analyst KuppingerCole, Market Compass of Providers of Verified Identity 2022. For more information, please see www.iproov.com or follow us on LinkedIn or Twitter.

Louise Burke Global PR Manager iProov Louise.burke@iproov.com