sb-au logo
Story image

Digital shadows looks at fake news, disinformation and how they affect business reputations

01 Dec 2017

Hardly a day goes by without media and sometimes government claims that Russia has been utilising social media tools to spread fake news and misinformation to influence everything from elections, mining approvals and even Brexit.

But Russia is just the tip of the iceberg for this issue with regular misinformation campaigns and attacks observed worldwide from activists, political and business rivalry, and even kids looking for kicks.

But how hard is it to spread this sort of misinformation?

Well it appears to be very easy indeed with easily available tools and services which actors can buy or rent as needed to get up and running quickly. The barrier to entry is very low indeed.

This means that for example twitter accounts can suddenly come out of nowhere and attract tens of thousands of followers and retweets in a matter of hours associated with particular misinformation campaigns.

For example, in October 2016 an ideologically motivated hacktivist group called Anonymous Poland published documents it claimed it had stolen from a breach of the Bradley Foundation, a U.S.-charity. Over the ensuing week almost 15,000 nearly identical tweets posted by approximately 12,000 Twitter accounts, featuring links to tweets about the Anonymous Poland breach were identified.

Disinformation campaigns can take many forms; however, they generally follow three distinct stages: 1) Creation, 2) Publication and 3) Circulation. For each stage, there are countless online tools, software and platforms to allow attackers to create credible and effective disinformation campaigns.

In recent years, there has been a growth in toolkits and services designed to propagate the spread of misinformation – available for just $7 – that are aimed specifically at causing financial and reputational damage for companies and governments

There are myriad drivers that will affect how disinformation campaigns evolve in the upcoming years. Based on the drivers and assumptions shown below, it’s almost certain that disinformation will continue; the geopolitical situation shows no signs of easing, and there is plenty of sociocultural unease to exploit.

While there will be continued efforts to remove suspicious content from social media sites, the low barriers to entry and innovation of threat actors will lead to an increase in disinformation. Moreover, this is not just a risk for political parties in 2018; disinformation affects businesses and individuals too.

So how do we combat this sort of threat?

There are some steps businesses can take to lessen the risk of disinformation impacting their businesses. These include:

  • Combat domain spoofing - organizations should proactively monitor for the registration of malicious domains and have a defined process of dealing with infringements when they occur. An agile and scalable takedown capability is critical for combating domain spoofing
  • Combat the ‘bots’ - monitor social media for brand mentions and seek to detect the ‘bots’ though it’s not always immediately obvious, there are often clues such as looking at the age of the account, the content being posted, and the number of friends and followers
  • Monitor forums for information that could manipulate the share price - organizations should search for mentions of their brand or staff across forums, which could be instances of malicious actors spreading disinformation
  • Keep an eye on trending activity – monitor trending activity as it relates to an organization’s digital footprint and potentially identify disinformation activity

Fake news and disinformation is not a new phenomenon, and it will not be going away anytime soon and indeed the continuing digitization and move to less traditional media sources is only likely to accelerate the issue further. The blurring between truth and fiction is often difficult to ascertain but businesses need to ensure they do all they can to monitor and protect their own reputations to ensure next time it is not them in the crosshairs of the attacker.

 Article by Rick Holland, VP Strategy, Digital Shadows.

Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More
Download image
Network functions virtualisation: What is is, how to use it, and why it matters
Network functions virtualisation (NFV) is fast becoming the go-to method of simplifying corporate networks from planning, through deployment and management.More
Story image
Yubico launches latest YubiKey with NFC & USB-C support
Yubico has released a new hardware authentication key, designed to provide security through both near-field communication (NFC) and USB-C connections and smart card support.More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Report: Rushing into cloud migration directly related to security issues
A new report from Radware highlights the impact of COVID-19 on organisations compelled to digitally transform in order to maintain business continuity. More
Link image
How to better protect your organisation's most valuable asset - its data.
Data resilience strategies are becoming increasingly critical in relation to the skyrocketing value of data and the proliferation of malicious entities wishing to steal it.More