State-sponsored disinformation and critical infrastructure attacks 'biggest threats in 2019'

News by Jay Jay

Next year will see a huge growth in disinformation campaigns, according to FireEye which also predicts new campaigns against industrial control systems and supply chains.

Security researchers have revealed that in light of the fact that the EMEA region will host a number of elections in 2019, social media could serve as a prominent platform for hostile nations to carry out disinformation campaigns that suit their strategic interests.

Security firm FireEye's Global Cyber Security Predictions 2019 cautions that, just like they did in the past few years, nation-states will leverage the power of social media to spread disinformation and fake news ahead of general elections in the EMEA region to support their strategic goals.

Such social media campaigns could be run either to promote political parties that are friendly to specific foreign policies, or to promote certain narratives that could fuel unrest and conflict within societies.

"In 2019, we expect influence operations on a large scale with major nations, but also use of influence in media and on social networks with regard to local conflicts in Eastern Europe, as well as in APAC and in other parts of the world.

"These types of campaigns will be more difficult to detect due to their nature, and it will be challenging for cyber-security companies and governments to detect and deter the authors. Attribution will be key," the report read.

Recently, research by DomainTools had revealed how web domains of leading media organisations in the UK such as BBC News, The Guardian, Sky News, ITV News and the Daily Mail were being spoofed to spread disinformation among millions of readers. Similarly, in the rest of Europe, state-sponsored hackers have used a variety of techniques to spread disinformation or to mislead voters ahead of general elections.

In 2017, Angela Merkel's Christian Democratic Union (CDU) suffered a series of cyber-attacks ahead of the general elections in Germany and was also at the receiving end of various disinformation campaigns that included a fake story about the rape of a 13-year-old Russian-German girl at the hands of migrants as well as about the father of former European Parliament President Martin Schulz running a Nazi concentration camp during the second world war.

Hundreds of thousands of hacked emails associated with Emmanuel Macron's presidential campaign team were also leaked on social media prior to the French General Elections which he subsequently won. Marine Le Pen, Macron's strongest political foe, did not face any cyber-attacks at all, possibly because she was considered to be sympathetic to Russia.

According to FireEye, the fight to contain or eliminate disinformation campaigns on social media in the recent past have suffered greatly due to criminals operating from locations where there are no global agreements for potential extradition to other countries or where there is not much interest in pursuing cyber-criminals.

Indeed, cyber-criminals have, on a major scale, exploited the safety of borders and enmity between nations to carry out their malicious activities, and by recruiting various cyber-criminals groups, various states also try to achieve their strategic goals without running the risk of getting caught and while maintaining plausible deniability.

"With attribution, cyber-criminal activities will hopefully become harder to execute in the long run, and this could bring deterrence. In 2019, we expect to see more arrests made in the cyber-criminal ecosystem based on reliable and accurate attribution," the firm added.

Aside from the misuse of social media, FireEye also estimated that in 2019, cyber-criminals could launch fresh attacks on critical infrastructure networks in Europe, including energy and power firms. Such attacks could rise in the near future as critical infrastructure industries do not have a unified security strategy between information technology and operational technology.

According to Kevin Mandia, CEO of FireEye, a major reason why cyber-criminals are continuing to mount cyber-attacks and carry out information warfare is the lack of a credible deterrence and minimal repercussions. The safety of borders, the ability to repeatedly target critical industries and the ability to exploit human trust allows cyber-criminals to maintain the upper hand in the long run.

Moreover, the lack of resources makes smaller organisations juicy targets for cyber-criminals, and since they form the supply chain of larger organisations, their lack of cyber-resilience often leads to major data breaches and information leaks, creating backdoors into larger enterprises with mature security programs.

Steve Booth, chief security officer at FireEye, added that another reason behind the widespread threat posed by cyber-criminals across the world is the critical lack of cyber-security professionals. There could be as many as two to three million vacant cyber-security jobs, and the deficit is not likely to be curbed effectively in the near future.

Such being the case, Booth opined that instead of hunting for trained cyber-security professionals, companies should provide cyber-training to existing employees to enhance their skills and give them more responsibilities.

"You have to get the job done with the people you have, and anybody should be able to do it. That’s the part that is hopeful. And if you can come up with a way where non-security employees can deal with some of the threats that come in, that’s a huge benefit," he added.

Sandra Joyce, VP and head of global intelligence operations at FireEye, said that one of the most significant threats in 2019 could be the renewal of supply-chain attacks on industrial control systems. Such attacks are mostly carried out by nation-state actors, because of the resources and the persistence required to carry out such attacks, but that is beginning to change due to the increasing availability of intrusion and attack tools in underground marketplaces.

She added that the manufacturing industry could suffer the largest share of cyber-attacks in 2019 as manufacturing operations have a very broad attack surface, especially with an expanding Internet of Things (IoT) increasing connectivity every day and reliance on the supply chain in their manufacturing processes.

However, like Booth, Joyce also bemoaned the lack of cyber-security expertise which is seriously compromising the cyber-resilience of large industries. "The biggest problem facing all organisations is the dearth of expertise. Organisations may have every intention of addressing the security gaps and mitigating breaches, but many simply don’t have the manpower," she added.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews