Misinformation abounds during the pandemic. Vigilance and skepticism are the best defense
In late January, Clint Watts, senior fellow at the Center for Cyber and Homeland Security at George Washington University and a Foreign Policy Research Institute fellow, gave the keynote address at the CPX 360 Cybersecurity Conference. The topic was misinformation and disinformation, and he warned the audience that bad guys are doing everything they can to trick you into believing false information to manipulate behavior. We’ve seen it most notably in the past several election cycles, but this type of social engineering is used in cyberattacks as well.
Watts’ keynote came just weeks before the country began to shut down, and his words take on new urgency as COVID-19 is being used for misinformation campaigns. According to research by Neustar, the pandemic has coincided with an uptick in misinformation and fake domain names and the perceived threats that accompany these issues.
“Misinformation is by no means new; from the beginning of time it has been used as a key tactic by people trying to achieve major goals with limited means,” Rodney Joffe, chairman of NISC and senior vice president and fellow at Neustar, said in a formal statement.
In an e-mail interview Joffe went deeper: “In the early stages of the pandemic, cybercriminals quickly responded by registering fake domains relating to the coronavirus,” he said. “These fake domains are intended to give attackers an air of authority, reliability, and urgency, thereby making it more likely that targets will decide to trust them.”
There are already a lot of legitimate and valuable domains about COVID-19, making it difficult to defend against fake domains, he added. “Whether they’re being leveraged to perpetrate a scam, spread malware or simply sow division and erode trust, businesses must find a sophisticated approach to the problem if simply blocking them all is not an option.”
Cyberattacks Surrounding Misinformation
Cybercriminals use misinformation to carry out typical cyberattacks such as phishing and ransomware, but Joffe said another trend they are seeing is the acquisition of domain names that formerly belonged to now-closed businesses. Because such a domain isn’t flagged as suspicious, it is used to conduct DNS attacks.
“For example, they may buy domains coming up on the secondary market from restaurants that have gone under. These are domains that existed and got a fair amount of traffic, then that traffic went to zero, now the site is suddenly back up and seeing traffic again,” he said. “It’s important for organizations to be able to detect these zombie domain attacks, and anything fitting that pattern should be considered suspicious until it’s analyzed and potentially reclassified.”
How to Keep Users From Falling Prey
According to the study, nearly half of cybersecurity professionals believe the threat of misinformation campaigns to be significant, but only a third say they are confident they have the ability to detect fake domains. But they recognize the danger that misinformation can cause to a company in both lost revenues and damaged reputation, and 9 in 10 agreed stricter measures may need to be implemented on the internet if these threats continue to escalate.
Since that isn’t likely to happen anytime soon, it is up to the security team to put measures in place to help workers—especially remote workers—stay vigilant to misinformation and fake domains.
“Organizations need awareness of what’s going on,” Joffe said. “Look at queries leaving the network to see where they’re going. If it’s suspicious, you should be blocking them.”
What makes something suspicious? Companies need to look at the character strings in the domain names being queried, he explained. “A perfect example of this is the Mirai botnet, which randomized the first 12 characters before the dot. Unless you’re looking at the data pattern that’s leaving the network, you won’t be able to stop it. Newly created domains are easier to spot than zombie domains, which can often get around the filters. You may not realize it’s part of a malware or exfiltration campaign until it’s too late.”
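The following is an added example, not code from the article or from Neustar: one way to look at queries leaving the network for the pattern Joffe describes, many distinct 12-character prefixes in front of the same parent domain. The query names are constructed, and the function names, thresholds and two-label parent rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed outbound DNS query names (illustrative, not real traffic).
SAMPLE_QUERIES = [
    "www.example.com", "mail.example.com", "www.example.com", "www.example.com",
    "autodiscover.example.org", "autodiscover.example.org", "autodiscover.example.org",
    "k2v9qx0mz4ra.shop.example", "p7dn3we8ty1b.shop.example",
    "z0c5hu6ls9gj.shop.example", "m4xb8rk1fo2q.shop.example",
    "t6ey3wn7pa0d.shop.example", "h1gj5vc9iu4s.shop.example",
    "www.shop.example",
]

PREFIX_RE = re.compile(r"^[a-z0-9]{12}$")  # 12 characters before the first dot

def split_query(qname):
    """Return (leftmost label, parent domain), or None for a bare domain.
    Assumption: the parent is the last two labels; production code would
    use the Public Suffix List instead."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 3:
        return None
    return labels[0], ".".join(labels[-2:])

def find_random_prefix_parents(queries, min_distinct=5, min_unique_ratio=0.8):
    """Flag parent domains queried mostly through distinct, never-repeated
    12-character prefixes. Thresholds are illustrative assumptions."""
    seen = defaultdict(list)
    for q in queries:
        parts = split_query(q)
        if parts:
            seen[parts[1]].append(parts[0])
    flagged = {}
    for parent, labels in seen.items():
        candidates = {l for l in labels if PREFIX_RE.match(l)}
        # A legitimate 12-character host name (e.g. "autodiscover") repeats;
        # randomized prefixes do not, so distinct candidates dominate the
        # query count for that parent.
        ratio = len(candidates) / len(labels)
        if len(candidates) >= min_distinct and ratio >= min_unique_ratio:
            flagged[parent] = len(candidates)
    return flagged

if __name__ == "__main__":
    for parent, n in find_random_prefix_parents(SAMPLE_QUERIES).items():
        print(f"suspicious: {parent} ({n} distinct random-looking prefixes)")
```

A parent domain flagged this way is a candidate for review or blocking, not proof of abuse; content delivery and tracking services also generate machine-made labels, so an allowlist is usually needed alongside it.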
Additionally, organizations need awareness about how their brand could be co-opted by malicious actors and how their networks might be used to spread misinformation. “These risks are spiraling, and on an open internet where people are free to register domains and share information as they will, there is no simple way of counteracting them,” Joffe said.
“Where comprehensive technological solutions do not exist,” he added, “organizations will need to build up global task forces, monitoring and shutting down fake domains, misleading information and falsified evidence. Failure to deal with it effectively could have serious consequences for how the internet operates.”