Fake News Is A Real Cybesecurity Risk

Uploaded on 2018-07-13 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

From fake outlandish crime stories to the reporting of fake stories tied to real events and suspected government manipulation, there was so much fake news in 2017 that the Collins Dictionary made this term their Word of the Year, and this is NOT fake. 

But the viral nature of fake news headlines and hoaxes does more than spread misinformation and cause confusion, it presents extensive cyber-security risks that are not making the news.

Advanced fake news spreads using a global network of hoax websites. Attackers can amplify their content and messages using social media, clickbait and advertising. 

Furthermore, access to data and analytics on content performance and visitor demographics ensures they are able to accurately target and hone the virality of their messages. 

Here’s a simple and tasty example to show how this works.
In September 2017 a story was released just in time for Halloween with the title, “World’s most popular candy to be removed from shelves by October 2017.” The story was published on breakingnews247.net, and was instantly shared almost 70,000 times across social media channels. 

The story was even starting to appear on local news and health food websites. Although the story was fabricated and had no ramifications other than causing a handful of individuals to panic and load up on Reese’s Pieces, the potential impacts go much further. 

With so much data in the hands of a hoax site owner and the ability to rapidly spread content, it would be easy to pivot to more nefarious activities like spreading malware.

The risk of sharing a sensational story is not so obvious, after all, it’s only news, right? But fake news stories are hosted on websites that, although they may look harmless to visitors, actually have the ability to hide malware in plain sight by concealing malicious code inside its content. 

This practice is called steganography. In 2016, an exploit kit named Stegano was discovered that uses steganography to hide malware inside images that are hosted on remote webservers and delivered as ads. Stegano is built with the intelligence to disable antivirus protections in place and can be modified to deliver a damaging payload, such as ransomware, to initiate an effective targeted attack. Let’s apply this to fake news: a fake news story is created and shared with a sensational image that contains malware. The story can then be targeted based on social platform, domain name and/or region to reach a susceptible audience that ensures amplification. 

A user sees the story, clicks to read and shares, immediately becoming infected in the process and further spreading the malicious content to their social networks. While we have yet to see fake news become a primary weapon for attackers, it’s only a matter of time. In the next year or so, it’s likely that mass socially engineered attacks will become a key tactic for modern hackers or activist groups, with fake news being a weapon of choice. 

We need to be thinking now about ways to not only reduce the risk imposed by fake news, but also educate people to better identify these threats. So, how can we do this?

● Establish user awareness. Fake news spreads because people naturally want to share information with their social networks. Before sharing a link, always take time to review it – often the URL will be extremely similar to the real site, but with tiny differences. 
An example of this is the “share to get free stuff” social media scam. At a glance it looks identical, but the shared link has added characters. A quick review could prevent the unnecessary spread of fake information.

● Utilise profiling services. To keep ahead of targeted campaigns, a number of security companies now offer profiling services that monitor the internet for possible targeting, website hijacking or spoofed company domain names.

● Secure and monitor the entire network. Make sure that you have the right security in place to protect the network and ensure that corporate data remains safe. Installing the latest endpoint security solution and keeping it up-to-date will reduce the risk of any malware being able to infect devices. Also, monitor the network to spot anomalous traffic as early as possible. This prevents malware from contacting C&C servers to activate and also reduces the risk of data leaving the network.

● Stay ahead with machine learning and automation. Once a fake news site has been recognised, it can be instantly blacklisted with updated policies pushed out to all devices automatically. In addition, the benefit of a cloud-based solution means that everyone subscribed to the service will be aware of, and protected against, the threat in near real-time.

While awareness is key and technology is a great assistant, there is one simple practice we can all adopt: think before you click or share. If it seems too good to be true, then it probably is.

It’s quite possible that the news story you’re about to share could be part of something much more damaging.

Security Week

You Might Also Read:

Spies Hack Journalism:

On Twitter Fake News Gets More Traction Than Truth:
 

 

« Are Women Better At Cyber Security?
Breakthrough Technologies To Combat Insider Threats »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

Secure-NOK

Secure-NOK

Secure-NOK provides products and solutions that detect and remove security attacks and harmful events in industrial networks and control systems.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

Genius Guard

Genius Guard

Genius Guard specializes in DDoS Protection, DDoS Protected Webhosting, HYIP Hosting, Bitcoin Hosting, Cryptocurrency Hosting.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

SolidRun

SolidRun

SolidRun is a leading provider of computing and network technology designed to streamline the deployment of edge computing infrastructure and support embedded and IoT markets.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

DESCERT

DESCERT

DESCERT offers you an extended IT, cyber security, risk advisory & compliance audit team which provides strategic guidance, engineering and audit services.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

Black Bison Cyber

Black Bison Cyber

Black Bison Cyber is a premier cybersecurity firm specializing in elite, discreet, and highly personalized digital protection for high-profile individuals and executives.