Is fake news dangerous? Security pros say yes

The influx of fake news has taken a social toll, but it is also an attack vector for phishing and malware delivery.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Fake news is the deliberate distribution of lies with the goal of swaying public opinion or dividing people. It has gotten the attention of information security professionals because it's difficult to identify and block — and because it helps spread malware.

“Fake news factories have engaged in operations to influence many citizens whether it is for marketing purposes, purchasing decisions, political instability, or just a misdirection to the real intention,” says Joseph Carson, chief security scientist at password management company Thycotic. “Social media and online services have been the primary victims as the users are now being fed with continuous feeds of information with no way to determine the authenticity of the source or whether is it trustworthy.”

How fake news delivers malware

Another problem is that fake news often has a secondary purpose. Scott Nelson, vice president at security training company SecureSet, says fake news is the latest attack vector for social engineering and hacking activity. Similar to a phishing attack, many variables are at play. Not every questionable link on Facebook is considered fake, and automated detection tools are not quite able to identify every story that’s suspicious or outright false.

“The introduction of malware embedded in images, links and downloads of the fake news story, email or social media site should be of increasing concern to organizations,” says Nelson. “These tactics are no longer the sole space of criminal organizations or spammers but are now used by nation states to attack or spread propaganda, compromise systems, inflict physical damage, or conduct espionage.”

To continue reading this article register now