Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Is fake news dangerous? Security pros say yes

John Brandon | Nov. 19, 2017
The influx of fake news has taken a social toll, but it is also an attack vector for phishing and malware delivery.

Isabelle Dumont, vice president at cloud security firm Lacework, says that companies might not need to worry about the overall pollution caused by fake news — it’s an impossible task to eradicate it — but they can start controlling their cloud infrastructures, looking for hijacks and other attacks that distribute the malware associated with the fake news.

Twitter is often the primary method to spread fake news (and therefore the associated malware). Karimi says hackers use a method called a DoubleSwitch, where they take over an account, propagate the fake news links, and cause other accounts to spread the links even further — all leading to more malware infections. Stopping the delivery of fake news through Twitter (or other social media) is a tedious and difficult, because so many fake accounts are on Twitter.

Carson says the primary concern right now is that companies are mostly ignoring fake news propagation as a tip-off. Some companies are attempting to block the activity using algorithms and some human intervention, but it’s not enough.

While using fake news to deliver malware through social media is new, the methods for identifying and blocking the malware is similar to what you would do for phishing attacks: recognize and report incidents, let the security response team investigate, and resolve any networking issues that allowed the malware.

Carson notes that the response should be immediate and thorough, because the window of opportunity for shutting down malware is small, especially if there is a known fake news ploy on social media and employees are susceptible to it. “Many companies have corporate IT policies that define acceptable use, password policies, rules and in some cases, incident response procedures,” says Carson. “Every employee should be familiar with these procedures because rapid responses tend to reduce problems or damage from the incident.”

More on cyber attacks:

IDG Insider


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.