Higher risk of disinformation attacks

Just as cybercriminals have taken advantage of recent topical themes such as the UK’s withdrawal from the EU and elections, Fujitsu predicts that a campaign to spread fear, uncertainty and doubt around the effectiveness of Coronavirus vaccines is one new technique used in social engineering attacks. The most sophisticated of these attacks will play both sides against each other – leveraging individuals’ fundamental beliefs. This could cause a widespread breakdown in the trust of information sources and impact business brands caught up in the cross-fire.

According to Fujitsu, with many people longing to return to some kind of post-pandemic normality, both businesses and individuals will be targeted by disinformation campaigns focused on mandatory vaccination, health passports, mass immunity testing, and lockdowns. Fujitsu’s cybersecurity experts anticipate multi-vector attacks driven both by criminal gangs and nation-states, which will target countries already trying to defend against disinformation targeted campaigns.

Phishing is at the heart of disinformation attacks

Paul McEvatt, Head of Cyber Security Innovation at Fujitsu, comments: “Phishing is at the heart of these attacks – the targeting of individuals based on their beliefs, or their circumstances, to socially engineer them into a compromised situation. People are more likely to fall for a phish when related to a topic they believe in or identify with. Today, the Coronavirus pandemic is a global issue and a highly-emotional one, too, especially since it involves personal liberties and factors such as restriction on movement. There has probably never been a bigger topic for a disinformation attack.”

Throughout 2020, Fujitsu has tracked multiple examples of attempts to subvert society by exploiting both a problem and its solutions. In April, the UK’s National Cyber Security Centre in the UK reported¹ it had taken down 2,000 scams, including 471 fake online shops trying to trick people looking for coronavirus-related services, and a further 200 phishing sites. And in March 2020, security firm Check Point reported² a spike in the registrations of domain names related to Zoom, with cybercriminals anticipating a jump in demand for online conferencing services and preparing to take advantage of rising demand by purchasing similar domains to use in credential phishing.

Extended work from home is making knowledge workers more vulnerable

Fujitsu observes that extended periods of working from home are making knowledge workers more vulnerable to falling for phishing attacks and recommends that organisations take three essential countermeasures:

1. Ensure that employees are empowered to deal with disinformation attacks. This is not just about training them to spot these but also making sure employees feel empowered to critically assess any email and report it quickly and without fear of recrimination.
2. Understand the threats. Threat Intelligence is a valuable part of any organisation's defense as it allows security teams to understand potential threats and mitigate them before they become a risk.
3. Automate. Just looking at the scale and rapid pace of development of these threats shows us that 2021 will be an even busier year for security teams as they try to handle the volume of threats. Automating security processes gives security teams an advantage against these threats. It also lets them investigate real threats and richer context to ensure they know what they are dealing with.