In the (Modern Warfare) Fast Lane | Marsh

This year has brought with it a profound change to the way we live and work. The first half of 2020 has been marred by global health crisis that has created, and in some circumstances exacerbated, political and social instability and financial hardship. The subsequent disruption through government measures such as lockdowns has resulted in an intensifying reliance on technology. All of these factors have created a perfect storm for the continued rise of modern warfare’s favoured method of attack, cybercrime.

A recent Wall Street Journal article[1] confirms that the significant increase in employees working from home has magnified the cyber security threats that businesses regularly battle. There no longer exists a traditional IT environment within the confines of a controlled workplace structure, as now each employee’s home represents a new workplace and potential exposure point for hackers to exploit. Techniques such as phishing emails masquerading as invitations for work videoconferencing meetings, fraudulent phone calls to IT help desks by threat actors posing as employees, or malicious websites with Coronavirus or COVID-19 in the URL[2] have led to reports of companies experiencing a doubling of hacking attacks since the implementation of widespread remote working arrangements[3].  

Major global organisations are not immune from such incidents. Earlier this year Twitter suffered a major cyber incident that saw some of its highest profile accounts promote a fraudulent scheme to defraud unsuspecting users of bitcoin. Twitter described the incident as “social engineering”, inferring a hacker was able to access their system by tricking someone with access to provide their details.[4]

The increased threats brought about by large proportions of a workforce working remotely are worrying, but not surprising. It reinforces a basic security lesson for businesses; an individual employee is both the strongest and weakest link in protecting a company’s systems from malicious attacks. However, what if threats against the employees themselves are occurring? One such threat has been elevated this year – cyber warfare via social manipulation. While seemingly mild in nature compared to hacking crime, it seeks to spread disinformation and manipulate the thoughts, attitudes, and ultimately actions, of an individual person. This cyber threat is much less about financial gain, but more about creating widespread instability to undermine economic and social structures; it is something that has the potential to profoundly influence our daily lives in a very short time.

The spread of disinformation

The pandemic has seen the proliferation of disinformation and conspiracy theories.  This has become such a threat that think tank the Australian Strategic Policy Institute (ASPI) regularly releases reports detailing the actors that are using information technology platforms to exploit the pandemic for strategic gain through the use of social manipulation. Foreign policy and cyber policy analysts have been quick to report on the use of misinformation regarding 5G networks, vaccines, and the apparent mismanagement of the COVID-19 crisis, that seeks to deepen societal divisions and cause unrest. It has been noted that state-sponsored actors have increasingly sought to exploit social divisions and vulnerabilities globally.

The use of Twitter and Facebook in particular has been instrumental in driving manipulation across the international community. Take for example a press release posted on a pro-Russian website in July that stated a US COVID-19 vaccine trial had been conducted on volunteers from the Ukraine, with five (or 30%) dying from the vaccine[5]. This false report[6], containing many strong political undertones, easily made its way from the website of a pro-Russian territory to the international arena, including a prominent Australian anti-vaccination Facebook group[7]. As noted by ASPI this fictitious information “has been effectively laundered from a fringe propaganda site associated with a separatist government, backed by pro-Russian militia, into the international information ecosystem, despite a multitude of attempts by legitimate media in multiple languages, including English, Spanish, Italian, Romanian and Czech, to fact-check it[8].”

News reports have cited experts saying that China and Russia are pushing many of the conspiracies and disinformation via these social media platforms[9]. However, why would these nation states have such an interest in fueling these theories? As noted above, unlike traditional cybercrime the motivations are much less financial in nature but aim to amplify divisive or negative narratives that further the agenda of the state-sponsored actors behind them. For instance, the 5G conspiracy theories do not have evidence to support them[10] and experts have debunked much of the misinformation that is being circulated. Yet they are still fast gaining traction amongst the general population. This has resulted in anti-government and anti-law enforcement protests, vandalism of property, and illegal gatherings – all stemming from this misinformation spreading online.

The tension between the superpower nations US, Russia and China is not a closely guarded secret. There are reports of threat actors from these nations launching cyber-attacks against each other and allied nations, including Australia, to disrupt power grids and other critical infrastructure[11], financial institutions and government systems. Social manipulation via technology creates instability and weakens economic and social systems, but rather than relying heavily on skilled hackers to bypass fortified Information Technology systems, it can easily be achieved by anyone with a social media account.

As noted by Alina Polyakova of the Brookings Institute:

“Democracies work only as long as citizens trust their democratic institutions to represent their interests. Over time, the slow drip of disinformation starts to burrow a hole in that delicate political contract, eroding democratic discourse and undermining the democratic process. And disinformation campaigns don’t stop when the ballot box closes—they are continuous and consistent. We may not feel the effects of such non-kinetic operations immediately or directly, but in the long-term, they present one of the greatest threats to the stability of our democracy.” [12]

Deepfake ransomware

Interest in deepfake ransomware has been growing amongst cybercriminal forums and dark web trading platforms[13]. Deepfakes are the manipulation of media using Artificial Intelligence to create a realistic composite of a person or voice that has replaced someone else’s likeness. Examples of deepfakes commonly appearing online are clips of celebrities from a movie, with only their face being replaced by another famous person. Deepfake technology developed in the 1990’s and amateur deepfake manipulation amongst the online community has been around for several years . However, the use of deepfakes for financial fraud has garnered increasing interest in 2020, with many users seeking ways to monetise this technology.

The first widely reported use of this technology for financial gain was in 2019 when the CEO of a UK energy firm wired €220,000 to a Hungarian bank account based on his boss’ phone instructions – however this was performed via AI technology, specifically using a deep fake voice[14]. The use of deepfakes being used to conduct effective social engineering scams represent an evolutionary step in ransomware. Businesses have been told that phone and/or video verification is an effective way of preventing social engineering scams; however if threat actors are successful in creating sophisticated deepfake scams using videos and voice samples from publically available content, there is no doubt that the resulting data theft and financial impact will be significant.

As technology users, the COVID-19 pandemic has brought to light concerning threats that we have to consider, both in terms of our roles as employees but also as individuals conducting our daily lives. Whether it is targeting us as users connected to a corporate system, using technology as a vector in social manipulation, or elevating ransomware to a new unseen level, modern warfare attacks are occurring on many fronts. Cyber warfare is a cost effective method to achieve financial gains and social disruption; it is something both companies and individuals need to continue to be vigilant of to protect businesses, reputations and our personal welfare.

The information contained herein is based on sources we believe reliable, but we do not guarantee its accuracy. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation, and should not be relied upon as such.
















Placeholder for Right rail bio component

language: en_us

lastname: Salgado

image: /content/dam/marsh/Imagery/Headshots/People-Portrait/kristine-salgado-portrait.jpg

title: Managing Principal – Cyber, Pacific - Marsh

firstname: Kristine

squareimage: /content/dam/marsh/Imagery/Headshots/People-Square/kristine-salgado-square.jpg

textIsRich: true

shorttitle: Managing Principal – Cyber, Pacific - Marsh

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.”