Access to the internet and social media platforms lies in the back pocket of nearly every user in the world. From a security point of view, one of the fastest-rising concerns is how this level of connectivity is being used to spread discord and division both quickly and across huge numbers of users.
According to the latest global survey by the United Nations, more than 85% of people are concerned about the impact of disinformation. Some 87% believe that misinformation, disinformation, and malinformation (MDM) campaigns have already left a negative impact on their country’s politics and would play a significant part in future elections.
Since the consequences of MDM extend far beyond the digital realm, threat actors including nation-states, advanced persistent threat (APT) groups, cybercriminals, and hacktivists are increasingly turning to deceptive tactics to target victims and pursue their objectives.
This blog explores the evolving threat of MDM campaigns and their role in the cyber warfare arena, exposing the strategies used by threat actors and the risks posed to organizations, businesses, and society at large.
Misinformation Campaigns | The Snowball Effect of Mistakes & Fake News
Misinformation, often stemming initially from genuine mistakes or inaccuracies, has had a long and storied history. In the last two decades alone, several notable misinformation cases have threatened public safety:
Iraq War and Weapons of Mass Destruction (WMD) – In 2003, faulty and exaggerated reports of Iraq’s apparent possession of weapons of mass destruction, as promoted by some government officials and the media, played a significant role in catalyzing the U.S.-led invasion of Iraq. After nine years, millions of displaced Iraqis, and a death toll of 4500 American and 185,000 Iraqi lives, the Iraq War is still widely viewed as a foreign policy disaster.
Pizzagate – During the 2016 US presidential election cycle, one man’s personal email account was hacked in a spear phishing attack. After the emails were leaked, conspiracy theorists falsely claimed that they hid coded messages leading to an alleged human trafficking ring run by high-ranking Democratic party officials. After one pizzeria in Washington, D.C. was pinpointed as a trafficking establishment, an armed individual entered the pizzeria to “investigate” the claims, opening fire and threatening the employees.
COVID-19 Misinformation – Throughout the height of the COVID-19 pandemic, a barrage of fake news and misinformation circulated widely, impacting public health and security. Unfounded claims about the virus’s origins, treatments, and preventive measures have led to confusion, noncompliance with public health guidelines, and life-threatening consequences. Health misinformation directly contributes to the spread of disease and the cases seen during the pandemic highlighted the gaps in content checks on popular social media platforms.
Today, misinformation campaigns have evolved into a more sophisticated form, with threat actors purposefully exploiting the echo chambers of social media to propagate false information or “fake news”. The manipulation of algorithms, the use of deepfakes, and hijacking of “For You” pages (suggesting trending topics) have all contributed to an efficient spread of deceptive content.
Disinformation Campaigns | Sowing the Virtual Seeds of Discord
Disinformation campaigns work by deliberately spreading false information to deceive, manipulate, or sow discord. These campaigns target many at once, influencing elections, escalating geopolitical tensions, and creating real-world security threats. To date, state-sponsored actors, hacktivists, and criminal groups continue to conduct disinformation operations on a global scale through propaganda, political manipulation, and psychological warfare. Some notable examples include:
Russian Interference in U.S. Presidential Elections – During the 2016 election cycle, Russian state-sponsored actors leveraged social media to launch a multifaceted disinformation campaign to influence election outcomes and erode public confidence in the American government. This campaign raised concerns about national security and the resilience of democratic institutions against cyber threats. Foreign actors including Russia and Iran again attempted to interfere during the 2020 cycle by promoting false narratives about election fraud, aiming to undermine public trust in the democratic process.
Brexit and Scottish Independence Referendums – A U.S. Senate report in 2018 stated that Russia had sought to influence democracy in the United Kingdom through “disinformation, cyber hacking and corruption”, and that researchers had identified 150,000 Twitter accounts with various ties to Russia that disseminated messages about Brexit before the referendum, indicating “that the broader aim was to magnify societal discord”. In January 2023, the European Court of Human Rights sought a response from the British government to a legal claim that it had failed to properly investigate Russian interference in both the Brexit referendum and the 2014 Scottish referendum on independence. A 2020 British Intelligence and Security Committee was said by the same report to have found credible evidence Russia had tried to influence the Scottish referendum.
French Presidential Election – In the lead-up to the 2017 French presidential election, various state-sponsored and non-state actors launched disinformation campaigns to influence the election’s outcome. Spreading doctored tweets and emails, the actors attempted to threaten the security of the electoral process and public trust in specific electoral candidates.
Ongoing Disinformation in the Russia-Ukraine War – Ukraine has been a hotspot for disinformation campaigns for several years, driven largely by Russia’s efforts to shape narratives, undermine the Ukrainian government, and influence events in the region. These campaigns, which for example claim Ukrainian aggression or exploit ethnic divisions within Ukraine, are part of a broader information warfare strategy that continues to be used to exploit political and social fault lines.
Malinformation | Branching Information Warfare Into Identity-Based Attacks
Malinformation campaigns are a more recent development in information warfare. These involve the release or distribution of truthful and legitimate private information with malicious intent. Malinformation often originates from data breaches or social engineering, where sensitive personal or corporate data is stolen or leaked and then published out of context. Victims of malinformation are then usually subject to doxxing, swatting, or other means of blackmail and harassment. These campaigns also harm organizations by publishing trade secrets, confidential data, or proprietary information. Infamous examples of malinformation cases are:
LinkedIn Data Breach – In 2012, a massive data breach exposed the passwords of millions of LinkedIn users. Many victims experienced extortion attempts when hackers threatened to reveal their compromised LinkedIn credentials unless a ransom was paid. Four years later, reports alleging the sale of the stolen credentials on the dark web surfaced, showing how potent breaches like this can be in both the short and long run.
GamerGate – This controversy began in 2014 within the gaming industry but quickly escalated into a vicious online harassment campaign. Women and marginalized communities in the gaming industry were targeted with doxxing, swatting threats, and harassment. The campaign highlighted the dark side of online communities and the impact of malinformation on personal security.
Political Doxxing During the Hong Kong Protests – During the pro-democracy/anti-government protests in Hong Kong in 2019, an unprecedented wave of doxxing campaigns targeted activists as well as police officers and journalists. Individuals on both sides of the protest line saw their private information (names, photos, ages, and occupations) shared across social media apps like Telegram.
MDM Tactics Move Into the Corporate World | How to Protect Enterprises & Organizations
In 2018, tech manufacturer Broadcom Inc. received a forged memo allegedly signed by the U.S. Department of Defense, asking for a review of their upcoming $19 billion acquisition of CA Technologies by the Committee on Foreign Investment in the United States (CFIUS). CFIUS is tasked with reviewing international deals for potential security risks to the nation. Since the acquisition of CA Technologies by Broadcom involved only American companies, the review had no basis, which triggered suspicion.
Although quickly confirmed by the DoD to be fraudulent, the fake missive challenged national security measures in the public eye and caused both companies’ stocks to fall briefly. Examples like this show that the risks of MDM threats exist not only in the geopolitical and social spheres but in the corporate sphere, too.
MDM threats in the corporate sector focus on causing brand and reputational damage, loss of customer trust, and both short and long-term financial losses. Disinformation-as-a-Service (DaaS) models, for example, allow malicious actors to purchase tailored MDM campaigns for their specific objectives. DaaS providers leverage a wide array of techniques, including creating and disseminating false narratives, manipulating online content, and conducting social engineering campaigns to achieve their goals.
Why Misinformation, Disinformation & Malinformation (MDM) Is a Cybersecurity Problem
MDM campaigns thrive on connectivity and globalization to attack human perception both online and offline, and they have become a key component of modern information warfare. The intersection between MDM campaigns and cybersecurity can be examined across the following areas:
Terrain | Where Threat Actors Operate MDM Campaigns
While social media platforms often act as gateways and amplifiers for MDM campaigns, threat actors also leverage networking infrastructure and routing services to distribute malware, ransomware, and more to perform their malicious tasks. Disinformation and cybersecurity involve many of the same stakeholders within the private sector and the internet technical community.
Tools | Sharing the Same Methods of Attack
There is a substantial overlap between MDM and cybersecurity in terms of attack tools and methodologies. Much like cyberattack strategies, MDM campaigns work by manipulating their victims’ anxieties and heightened emotions. For example, the deployment of “fearware”, a subset of phishing lures that thrived during the pandemic, preys on misinformation and information gaps. Further, disinformation campaigns and cybercrime tactics both dip into the realm of illegal dark web transactions, ill-gotten data and assets, and various forms of fraud.
Incentive | The ‘Why’ Behind MDM Campaigns
Hacking, cybercrime, and influence operations offer lucrative opportunities, often outsourced to skilled threat actors or cybercrime-as-a-service infrastructures. While individuals and businesses have increased their preparedness for ransomware attacks, MDM strategies like defamation and extortion are commonly used to inflict long-term reputational harm and secure a financial gain.
Applying Cybersecurity Lessons to Combat MDM Campaigns
Implementing robust cybersecurity practices plays an important role in protecting organizations from a wide variety of threats. Cybersecurity practices are designed to identify and detect anomalies in data, network traffic, and user behavior. Advanced endpoint protection solutions can continuously monitor network traffic and identify suspicious patterns or deviations from the norm.
Ongoing monitoring is critical in the battle against MDM campaigns, particularly those feeding off public anxiety about current events. Cybersecurity teams continuously track information sources, social media channels, and online forums for signs of disinformation and misinformation. Automated tools and manual analysis help monitor the spread of false information and gauge its impact. Organizations can employ threat intelligence feeds and social listening tools to stay informed about emerging threats and campaigns.
Following cybersecurity best practices can also help to protect against harm caused by MDM campaigns. Effective best practices include implementing role-based access controls (RBAC), multi-factor authentication (MFA), encryption, and secure coding practices to safeguard information and data integrity. Cyber hygiene, such as regular software patching and updates, can also reduce any known vulnerabilities that malicious actors might exploit.
While cybersecurity best practices are essential, it is important to acknowledge that MDM campaigns are not solely a technical problem. These campaigns often involve psychological manipulation, social engineering, and the exploitation of cognitive biases. On the user side, security awareness training educates employees about the risks of falling victim to disinformation campaigns, teaching them to recognize and report suspicious activities.
Conclusion
The evolving threat of MDM campaigns continues to tighten its grip on the digital landscape, impacting geopolitical, social, and corporate spheres. Waves of these campaigns have become a common occurrence in modern cyber warfare, where information is strategically weaponized to manipulate election outcomes, disrupt critical operations, and undermine public trust.
MDM campaigns are a symptom of the dynamic nature of our digital age. In this ongoing battle, knowledge, vigilance, and proactive measures are the best defense against the rising influence of MDM tactics and their role in the realm of cyber warfare.
As businesses navigate these developing threat tactics and techniques, adopting a multi-dimensional security strategy that combines robust preventive measures with XDR capabilities becomes vital. To learn more about how SentinelOne’s Singularity XDR can help defend your organization, book a demo or contact us today.