Is fake news dangerous? Security pros say yes

The influx of fake news has taken a social toll, but it is also an attack vector for phishing and malware delivery.

phishing hack scam malware binary code

Fake news is the deliberate distribution of lies with the goal of swaying public opinion or dividing people. It has gotten the attention of information security professionals because it's difficult to identify and block — and because it helps spread malware.

“Fake news factories have engaged in operations to influence many citizens whether it is for marketing purposes, purchasing decisions, political instability, or just a misdirection to the real intention,” says Joseph Carson, chief security scientist at password management company Thycotic. “Social media and online services have been the primary victims as the users are now being fed with continuous feeds of information with no way to determine the authenticity of the source or whether is it trustworthy.”

How fake news delivers malware

Another problem is that fake news often has a secondary purpose. Scott Nelson, vice president at security training company SecureSet, says fake news is the latest attack vector for social engineering and hacking activity. Similar to a phishing attack, many variables are at play. Not every questionable link on Facebook is considered fake, and automated detection tools are not quite able to identify every story that’s suspicious or outright false.

“The introduction of malware embedded in images, links and downloads of the fake news story, email or social media site should be of increasing concern to organizations,” says Nelson. “These tactics are no longer the sole space of criminal organizations or spammers but are now used by nation states to attack or spread propaganda, compromise systems, inflict physical damage, or conduct espionage.”

Nelson says the enterprise is blissfully unaware of how much fake news behaves like malware (and often carries the same payload intended to harm users). That’s why hackers have taken advantage of this “look the other way” approach to classifying the fake news. “Organizations should be concerned that unsuspecting employees are falling prey to these new tailored campaigns [that spread] their political ideas or gossip,” he says.

To continue reading this article register now

Microsoft's very bad year for security: A timeline