Security Experts:

Connect with us

Hi, what are you looking for?



Fake News, Real Cybersecurity Risks

From fake outlandish crime stories to the reporting of fake stories tied to real events and suspected government manipulation, there was so much fake news in 2017 that the Collins Dictionary made this term their Word of the Year – and this is NOT fake.

From fake outlandish crime stories to the reporting of fake stories tied to real events and suspected government manipulation, there was so much fake news in 2017 that the Collins Dictionary made this term their Word of the Year – and this is NOT fake. But the viral nature of fake news headlines and hoaxes does more than spread misinformation and cause confusion, it presents extensive cybersecurity risks that are not making the news.

Advanced fake news spreads using a global network of hoax websites. Attackers can amplify their content and messages using social media, clickbait and advertising. Furthermore,  access to data and analytics on content performance and visitor demographics ensures they are able to accurately target and hone the virality of their messages. Here’s a simple and tasty example to show how this works.

In September 2017 a story was released just in time for Halloween with the title, “World’s most popular candy to be removed from shelves by October 2017.” The story was published on, and was instantly shared almost 70,000 times across social media channels. The story was even starting to appear on local news and health food websites. Although the story was fabricated and had no ramifications other than causing a handful of individuals to panic and load up on Reese’s Pieces, the potential impacts go much further. With so much data in the hands of a hoax site owner and the ability to rapidly spread content, it would be easy to pivot to more nefarious activities like spreading malware.

The risk of sharing a sensational story is not so obvious – after all, it’s only news, right? But fake news stories are hosted on websites that, although they may look harmless to visitors, actually have the ability to hide malware in plain sight by concealing malicious code inside its content. This practice is called steganography. In 2016, an exploit kit named Stegano was discovered that uses steganography to hide malware inside images that are hosted on remote webservers and delivered as ads. Stegano is built with the intelligence to disable antivirus protections in place and can be modified to deliver a damaging payload, such as ransomware, to initiate an effective targeted attack. 

Let’s apply this to fake news: a fake news story is created and shared with a sensational image that contains malware. The story can then be targeted based on social platform, domain name and/or region to reach a susceptible audience that ensures amplification. A user sees the story, clicks to read and shares, immediately becoming infected in the process and further spreading the malicious content to their social networks. 

While we have yet to see fake news become a primary weapon for attackers, it’s only a matter of time. In the next year or so, it’s likely that mass socially engineered attacks will become a key tactic for modern hackers or activist groups, with fake news being a weapon of choice. We need to be thinking now about ways to not only reduce the risk imposed by fake news, but also educate people to better identify these threats. So, how can we do this?

● Establish user awareness. Fake news spreads because people naturally want to share information with their social networks. Before sharing a link, always take time to review it – often the URL will be extremely similar to the real site, but with tiny differences. An example of this is the “share to get free stuff” social media scam. At a glance it looks identical, but the shared link has added characters. A quick review could prevent the unnecessasary spread of fake information.

● Utilize profiling services. To keep ahead of targeted campaigns, a number of security companies now offer profiling services that monitor the internet for possible targeting, website hijacking or spoofed company domain names.

 Secure and monitor the entire network. Make sure that you have the right security in place to protect the network and ensure that corporate data remains safe. Installing the latest endpoint security solution and keeping it up-to-date will reduce the risk of any malware being able to infect devices. Also, monitor the network to spot anomalous traffic as early as possible. This prevents malware from contacting C&C servers to activate and also reduces the risk of data leaving the network.

● Stay ahead with machine learning and automation. Once a fake news site has been recognized, it can be instantly blacklisted with updated policies pushed out to all devices automatically. In addition, the benefit of a cloud-based solution means that everyone subscribed to the service will be aware of, and protected against, the threat in near real-time.

While awareness is key and technology is a great assistant, there is one simple practice we can all adopt: think before you click or share. If it seems too good to be true, then it probably is. It’s quite possible that the news story you’re about to share could be part of something much more damaging.

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.