Biased reporting of news is nothing new. Since from the inception of media, people frequently came across biased news. But, outright fabrication of news by mainstream media seems to have taken a life of its own in the recent years. Ironically, this so-called "fake news" is nothing new, when it comes to the internet, particularly on social media outlets. Although people are slightly accustomed to fake news, the surprising fact is some fabricated news stories printed in digital media are intended to deliver malware! Normally, such fake news is designed to attract a maximum number of visitors and bait unwary readers into becoming victims of attacks such as phishing and malware. Fabricated news can also have a broad impact on various multinational companies, considering how damaging this news can be.
From cybersecurity point of view, what makes this news so worrisome is, social media such as Facebook and Twitter can attract a maximum number of visitors at a lightning speed and spread such news like forest fire. For instance, a fake news published by Americanmilitarynews has said that "Donald Trump sent his own plane to transport 200 stranded marines". According to Buzzfeed’s data, this news had got 893,000 engagements. This type of news misguides readers and their after-effects are devastating. In order to suppress the rise of fabricated content, companies such as Facebook and Google are taking suitable steps to curb various false articles published on their website. In a blog post, Google said that it has permanently banned over 200 publishers from its AdSense advertising network to block the websites that try to deceive users from its online ad service.
In one way or the other, fabricated news that doesn’t consist of any facts or valuable information acts as an entry point for bad actors to launch phishing, malware and other types of attacks. They execute such attacks by tricking readers to click on various links that redirect them to another webpage, but the malware is stealthily downloaded in the user’s system. Normally, fake news is fabricated in such a way that no readers can hold their excitement to click on the link and see what exactly happened. But the focus of every social engineering campaign is to trick users to click on a link, download an attachment or visit third-party websites.
According to James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a cyber security think tank, astutely fabricated news has a substantial chance of tricking user’s ability to weigh the adversities of clicking a link and their cyber-hygiene training. Normally, readers fall for such news for several reasons, which includes their excitement to know about the news and their intention to keep themselves updated.
When the aforesaid facts are considered and analyzed, it is clear that bad actors are actively and aggressively using fake news as a platform to deliver malicious payloads that mercilessly infest network infrastructure, which leads to data theft and other attacks. While an increasing number of adversaries are exploiting fake news platforms, the attacks are becoming more sophisticated and more convincing. The malware attached to an enticing fake news content becomes more functional and complex. Its impact on victims will increase both in terms of frequency and brutality.
In order to mitigate cyberattacks that are disguised in the form of enticing news, security professionals, as well as organizations, need to monitor fake news sites constantly to look for potential hazards. Although this task demands more manpower, integrating analytical tool eases the task. Besides, executives should educate employees about the potential dangers of fake news. As organizations conduct workshops to educate employees to explain adversities of downloading malicious attachments or clicking on malicious links, explaining the potential dangers of accessing fake websites is equally important.
Additionally, creating and enforcing policies regarding the use of fake news websites within the organization helps in mitigating cyber threats to a greater extent. By enforcing aforesaid steps, security professionals and organizations can minimize the damage caused by fake news.