Extended work from home is making knowledge workers more vulnerable to disinformation attacks intended to take advantage of – or spread – panic and fear in society. Cybercriminals are already focusing on the contentious issues of personal liberties around the ongoing Coronavirus pandemic, such as requirements to wear a face mask, or the restriction of movement, according to Fujitsu. The firm predicts that a campaign to spread fear, uncertainty and doubt around the effectiveness of coronavirus vaccines is one new technique used in social engineering attacks. The most sophisticated attacks will play both sides against each other – using individuals’ fundamental beliefs. This could cause a widespread breakdown in the trust of information sources and impact business brands caught up in the cross-fire, the company warns.
According to Fujitsu, with many people longing to return to some post-pandemic normality, businesses and individuals will be targeted by disinformation campaigns focused on mandatory vaccination, health passports, mass immunity testing, and lockdowns. Fujitsu anticipates multi-vector attacks driven by criminal gangs and nation-states, which will target countries already trying to defend against disinformation targeted campaigns.
Paul McEvatt, Head of Cyber Security Innovation at Fujitsu, says: “Phishing is at the heart of these attacks – the targeting of individuals based on their beliefs, or their circumstances, to socially engineer them into a compromised situation. People are more likely to fall for a phish when related to a topic they believe in or identify with. Today, the Coronavirus pandemic is a global issue and a highly-emotional one, too, especially since it involves personal liberties and factors such as restriction on movement. There has probably never been a bigger topic for a disinformation attack.”
In 2020, Fujitsu tracked examples of attempts to subvert society by exploiting both a problem and its solutions. In April, the UK’s official National Cyber Security Centre (NCSC) reported it had taken down 2,000 scams, including 471 fake online shops trying to trick people looking for coronavirus-related services, and a further 200 phishing sites. And in March, security firm Check Point reported a spike in the registrations of domain names related to Zoom, with cybercriminals anticipating a jump in demand for online conferencing services and preparing to take advantage of rising demand by purchasing similar domains to use in credential phishing.
Fujitsu observes that extended periods of working from home are making knowledge workers more vulnerable to falling for phishing attacks and recommends three essential countermeasures:
Ensure that employees are empowered to deal with disinformation attacks. This is not just about training them to spot these but also making sure employees feel empowered to critically assess any email and report it quickly and without fear of recrimination.
Understand the threats. Threat Intelligence is a valuable part of any organisation’s defense as it allows security teams to understand potential threats and mitigate them before they become a risk.
Automate. Just looking at the scale and rapid pace of development of these threats shows us that 2021 will be an even busier year for security teams as they try to handle the volume of threats. Automating security processes gives security teams an advantage against these threats. It also lets them investigate real threats and richer context to ensure they know what they are dealing with.
More at the Fujitsu blog: https://blog.uk.fujitsu.com/.
