The world is seeing an ongoing multi-faceted cyber attack(s) (social engineering) that uses weaponized fake media, digital false flags and other digitally obfuscated materials. These attacks stem from nation states, paid hacker cartels and mercenary hackers globally. These cyber security attacks utilize social engineering, weaponized media and fake media. We have been studying these socially engineered attacks since 2009, and have created unique responses to them.
II. Main body
The Green Revolution of 2009 in Iran marked the first known use of weaponized social media. The Government of Iran utilized Twitter to get western citizens to spread their propaganda.
Fast forward to 2016, where USA itself was attacked through long term, dedicated weaponized media cyber assault on our democracy; and government alike by Russia and its agents. This attack continues with multi-faceted usage of fake media, bots, fake social media and malware laden content on these sites.
The final outcome is still under investigation, but it is seen as a major win for Russia intelligence groups, and a major loss for the USA.
In the 2016 attack on the USA, innocent citizens were co-opted to spread weaponized media that had either been previously illegally exfiltrated or was fake to begin with.
Some might say this is a soft attack, not vitally important as a hard cyber attack on a network, grid or infrastructure, that is simply not true.
In fact, these attacks are proving to be just as lethal as more traditional cyber attacks. Socially engineered attacks often mask other types of attacks as well – like DDoS, MiTM and malware/wipeware.
However, socially engineered attacks now account for more than 50% of the beginnings of all cyber security intrusions and breaches.
III. Conclusions/future steps
How does USA protect itself from such asymmetrical attacks in future?
With explosion of IoT Devices has come a parallel explosion of attack surface areas, many of which are simply not protected.
With the explosion of social media platforms and content being shared has come a parallel explosion of attack surface areas, most of which are not secured or protected. But many social media users operate under a belief that they are fine because “the big companies are protecting us.”
This is a false belief, and users, both government and individual need to take drastic steps to protect these accounts and platforms.
Should the USA Government sponsor Human/digital trainings to help protect and defend against socially engineered attacks?
How do regular people tell difference between real media/faked media? How do leaders weed out bots, automated accounts from real?
What steps can USA take today; tomorrow to prevent ongoing and future socially engineered cyber attacks?
Based on proprietary research at www.digijaks.com and through extensive work with clients who are dealing with and or have dealt with such attacks.