Organized crime has evolved into a synchronized global ecosystem, with Southeast Asian groups sharing sophisticated fraud techniques with their Latin American (LatAm) counterparts.
At the same time, attacks targeting iOS devices are accelerating, fueled by advanced injection techniques. Meanwhile, rapid advancements of accessible artificial intelligence (AI) tools is driving a proliferation of hyperrealistic deepfakes in corporate environments, posing significant challenges to current active liveness solutions.
These threats are among the top trends emerging this year highlighted by iProov, a provider of science-based biometric identity verification solutions, in a new report. Drawn on data from the iProov Security Operations Center (iSOC), combined with real-time threat detection, external threat intelligence, dark web monitoring, red-team penetration testing, and biometric security research, the report explores the evolving threat environment for 2026.
Globalization of crime
Organized crime has evolved from fragmented, regional operations into a highly synchronized, cross-border ecosystem. Sophisticated groups, particularly those in Southeast Asia, now rapidly share tactics, techniques, and procedures (TTPs) across borders with counterparts in Latin America (LatAm) with near-instantaneous speed.
This cross-hemisphere collaboration has created a synchronized threat environment where Southeast Asian groups effectively beta-test the innovations that LatAm groups later industrialize. This professionalized offensive has led to an escalation in Southeast Asian attack volumes, which iProov expects to see across LatAm financial institutions.
Underscoring this trend, Southeast Asia experienced a 720% spike in attacks in Q3 2025, highlighting the region’s growing role as a testing ground for emerging fraud techniques.
The sophistication of these operations has also escalated. Criminal groups started couple of years ago by sharing basic PDF guides for manual presentation attacks. They eventually evolved into deploying advanced malware that allowed them to bypass weak biometric liveness technology. In 2025, their focus further shifted, pivoting from distributing cracked Android package kits (APK) files to releasing high-value know-your-customer (KYC) data packages. These bundles typically include stolen US and European identity documents, with matching selfies.
iOS attacks surge
In 2025, attacks targeting iOS devices accelerated, marking them as attractive targets for criminals. While H1 2025 saw a modest year-over-year (YoY) increase of 14.9%, H2 2025 experienced a critical surge of 1,151% compared to the same period of 2024.
This hyper-growth in the second half of the year marks the industrialization of attack techniques once feasible only for experimental or state-sponsored use. These have moved from isolated operations to weaponized, repeatable playbooks deployed at scale.
Injection attacks started on web platforms, moved to Android, and left iOS relatively untouched for years. This perceived robustness stemmed from Apple’s closed-loop of owning the entire stack, from the hardware to the operating system and App Store.
However, in September 2025, researchers discovered a sophisticated tool designed to bypass identity verification systems on jailbroken iPhones running iOS 15 or later. The tool connects to remote servers that generate the fake footage and then inject the finished high-fidelity video directly into the device’s video stream. The injection occurs before the camera layer, and tricks applications into believing they are seeing a live person when they are actually viewing a pre-made deepfake.
Deepfakes expand across the enterprise
Deepfakes are increasingly being used beyond identity verification systems and into everyday corporate workflows, particularly across video-based interactions. Advances in image-to-video generation, driven by widely accessible AI tools such as Kling AI, Nano Banana, and similar platforms, are making it easier than ever to quickly create highly realistic synthetic identities from minimal source material.
This year, iProov predicts the proliferation and sophistication of hyperrealistic, live deepfakes. These deepfakes will be applied directly to an attacker’s face during a video conference meeting, effectively fooling human reviewers and neutralizing many current liveness solutions challenges.
Active liveness solutions that require a movement or action will be easily duped. Organizations that fail to deploy solutions with multi-layered defenses, where the vendor captures a broad range of signals from the user, imagery, and device for high accuracy and security, will remain vulnerable.
This prediction aligns with findings of other industry studies. A 2025 Gartner survey revealed that organizations are increasingly impacted by deepfake incidents, with 43% of cybersecurity leaders reporting at least one audio call incident and 37% experiencing deepfakes in video calls. This threat has accelerated over the past years. A 2025 Ponemon Institute research found that deepfake impersonalization attacks targeting executives jumped from 34% in 2023 to 41% of respondents in 2025.
AI vulnerabilities are accelerating at an unprecedented pace. According to the World Economic Forum’s Global Cybersecurity Outlook 2026, 87% of the 800+ C-suite executives surveyed identified AI-related vulnerabilities as the fastest-growing cyber risk over the course of 2025.
Looking ahead to 2026, data leaks associated with genAI (34%) and the advancement of adversarial capabilities, such as phishing, malware development, and deepfakes (29%), stand out as leading concerns.
Featured image: Edited by Fintech News Singapore, based on image by ArtiDirector54 via Freepik
