CYBERWARCON – Foreign influence operations grow up
Information about CYBERWARCON – Foreign influence operations grow up
Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks.
From the Chris Krebs keynote to highlighting third-string, nation-state entrants into the cyber-arms race, the art of targeted disinformation is heating up here at CYBERWARCON. Two years ago (the last time the conference happened), the disinformation efforts were relatively unsophisticated, but now threat actors are spending serious time and effort crafting all the steps of the attack, and finding out what works.
More sophisticated actors are spending a lot more time infiltrating corporate email undetected. In this way, if they can quietly control email, in an email-in-the-middle attack, they can silently referee and exert selective information on very specific parts of the organization.
The phishing is getting better too, with more targeted efforts surrounding would-be conference speakers and news reporters. The ruse for speaker hopefuls it to pretend to be a conference organizer and explain they have been accepted as a speaker at a prominent event, but they have to register by clicking the link, which harvests information on a fake, usually cloned, website.
Attackers are doing a lot more research on their targets too. They now know a lot more about the target’s hopes and aspirations and play into them with very specific details harvested from their research efforts. The attacker’s language is getting better too, making it harder to spot fakes.
When attackers aren’t phishing, they’re usually deploying targeted ransomware. It’s anonymous and the proceeds, passed through cryptocurrency, pay for their continued operation. While the less sophisticated ransomware operators are increasingly getting busted, nation-state ransomware operators have more time and can support a more sustained effort to get what they want.
If neither phishing nor ransomware are doing the trick, bad actors try to influence news directly. By hacking legitimate news websites and pushing out fake stories with a special emphasis on certain aspects that highlight your country’s initiatives, it’s easy to believe it’s real.
To back it up, it’s important to create a number of fake personas that tweet about the story and push it throughout social media to help amplify the fake messaging.
And to sustain this kind of effort to make an issue appear real, organizations have to continue to apply pressure by pushing bogus news without getting caught, which requires some sophistication, budget and long-term focus on key issues. These factors point squarely toward nation-state activity, or at least support.
How can we fix this? According to Chris Krebs: impose steeper costs to attack. In Washington DC, there were rooms full of legislators trying to find ways to go after ransomware operators more deliberately and with the blessing of their constituents, victims, and fellow lawmakers, so imposing costs to attackers will continue to be a popular message. Also, don’t click on links in email – the perpetual public service announcement that just has to be repeated.