Text-to-speech technology has become a new business on the dark web.
Recorded Future cybersecurity experts warn of a rise in attacker interest in Voice Cloning-as-a-Service (VCaaS), which makes it easier to scam using deepfake technology.
Increasingly, off-the-shelf voice cloning platforms are appearing on the dark web, according to Recorded Future, lowering the entry barrier for cybercriminals. Some of them are free when you sign up for an account, while others cost only about $5 per month.
Among the topics of discussions found on the forums related to such tools, impersonation, callback scams and voice phishing (vishing) are most often mentioned.
In some cases, cybercriminals misuse legitimate tools that are designed for audio book dubbing, film and TV dubbing, character dubbing, and advertising.
One popular option is ElevenLabs Prime Voice AI software, a browser-based text-to-speech tool that allows users to upload their own voice samples for an additional fee. By making the tool available to customers for payment only, ElevenLabs has contributed to the growth in the use of the technology by cybercriminals on the dark web.
Recorded Future experts noted that ElevenLabs' actions have led to an increase in attackers selling paid ElevenLabs accounts, as well as advertising VCaaS offerings. The new restrictions have opened the door to a new form of commercialized cybercrime that requires a layered approach.
Fortunately, many modern deepfake voice technologies are limited to being able to generate only one-time samples that cannot be used in extended real-time conversations. However, an industry-wide approach is needed to tackle the threat before it develops.
Therefore, according to experts, adopting a framework that informs employees, users and customers about threats will be more effective in the short term than combating the misuse of the technology itself, which should be a long-term strategic goal.