Cybersecurity and Disinformation
Introduction
In the current situation relating to COVID-19, I thought it is worth reminding about the risks and nature of disinformation and its links to cybersecurity.
In parallel to cyber-attacks that impact technological assets, threat actors are now often conducting an increasing number of multi-faceted disinformation operations. Alleged objectives of these attacks are to infiltrate dependable information sources and influence and distract public opinion, (social) media and the press. This is attempted by seeding distrust, undermining widely accepted societal and democratic values, and potentially influencing the outcome of important events such as elections. Such attacks can be perfectly disguised beneath the vast amount of publicly available information (often tailored to individual or group profiles) that people “consume” on a daily basis. This renders those attacks difficult to detect and mitigate.
Cyber-attacks can have a physical impact, but many of them tend to be more disruptive than destructive. Malware has the potential to take production plants offline, shut down the electric grid and cause power outages, and disrupt operations by compromising safety controllers in industrial control systems. Or perhaps not. Organizations may still be thinking about physical damage or impact, but attackers appear to have moved on to less overt activities that can still sow confusion and cause chaos. The combination of traditional methods and digital attacks lets the attackers still maintain a degree of deniability.
Along, with a threat to life when companies suffer severe data breaches if that leads to loss of finance of customers and users hardship and suicides may follow. Deaths have also occurred because of online sextortion and swatting attacks.
It is vital to distinguish between various types of disinformation as many websites and “Satire and Parody” channels are widely thought of to be legitimate although they seem quirky and bizarrely comical. The most common being:
Spotting Disinformation can be simple. One needs to have an eye for the following:
In the current situation relating to COVID-19, I thought it is worth reminding about the risks and nature of disinformation and its links to cybersecurity.
In parallel to cyber-attacks that impact technological assets, threat actors are now often conducting an increasing number of multi-faceted disinformation operations. Alleged objectives of these attacks are to infiltrate dependable information sources and influence and distract public opinion, (social) media and the press. This is attempted by seeding distrust, undermining widely accepted societal and democratic values, and potentially influencing the outcome of important events such as elections. Such attacks can be perfectly disguised beneath the vast amount of publicly available information (often tailored to individual or group profiles) that people “consume” on a daily basis. This renders those attacks difficult to detect and mitigate.
Disinformation operations are a clear reminder that cyber-space is a term that not only incorporates networks and computing devices but also the human element. This post aims to outlines what is disinformation a campaign and provides an overview of the threat.
Impact of Cyberattacks
Along, with a threat to life when companies suffer severe data breaches if that leads to loss of finance of customers and users hardship and suicides may follow. Deaths have also occurred because of online sextortion and swatting attacks.
Disinformation campaigns have the potential to cause the same degree of chaos that traditional cyber and social engineering attacks can result in.
Identifying Disinformation
- Satire or Parody – Potential to fool but no intention to cause harm.
- Misleading Content – To frame an issue or individual by using misleading information or half-truths.
- Imposter Content – Impersonating genuine content.
- Fabricated Content – False content designed to deceive and do harm in all respect.
- False Connection – Headlines, visuals or captions do not support the content.
- False Content – Genuine content shared with false contextual information.
- Manipulated content – genuine information is manipulated with an intention to deceive.
Spotting Disinformation can be simple. One needs to have an eye for the following:
- Posting profile - Review the spelling of the source and the “verified” mark as a certificate of authenticity as provided to most legitimate news sources. No Tick – No Trust.
- Headline – A headline should be descriptive and not deceptive. Most fake news headlines instigate curiosity using exclamation points, capped letters rather than providing an abridged version of the actual factual news.
- Cross-check – Check post comments, reactions and rely on fact-checking websites before providing your personal information or clicking the link. Also, make sure the post is current and is not a repost of an old fact.
Defending and Mitigating against Disinformation
What should individuals and companies do if they spot fake news? They need to report, report and report! And also educate others when someone posts disinformation. Reporting these to content reviewers on the relevant platform should help content reviewers to quickly block the source and restrict spreading misinformation.
Also, follow the best cybersecurity practises for individuals and companies with them also complying to regulations since they often get companies the majority of the way there: GDPR, NIS Directive, Cybersecurity Act, ePrivacy Act and the California Consumer Privacy Act.
Conclusion
Disinformation campaigns and tainted leaks are becoming a serious issue both in the cyber and physical world. Due to their nature, they are difficult both to identify and counter. Societies will have to develop defences against such attacks, particularly the ones that aim to potentially affect democratic processes such as elections, legislative procedures, law enforcement and justice. In the context of cybersecurity, disinformation campaigns should be closely monitored and thoroughly analysed in order to counter similar attacks in the future.
Hopefully, this post has some useful information. Finally, remember always wash your hand with soap and maybe give whatever type of input device you are using to conduct work give that a good clean as well.
Sources
Comments
Post a Comment