Cybercriminals increasingly use disinformation, the deliberate spread of false information, to enhance the effectiveness of cyber attacks like phishing, ransomware, and data breaches. In this blog post, I will analyze this growing threat, discuss real-world examples, and recommend how organizations can defend themselves against these blended narrative and technical attacks. 

The Evolution of Cyber Threats

Traditionally, cyber attacks focused primarily on technical intrusion - hackers would rely on exploits and malware to infiltrate networks and systems. At the same time, social engineering was often part of the initial breach; the core of the attack centered on gaining unauthorized access and extracting data. 

However, in recent years, cybercriminals have recognized the power of weaponized narrative as a force multiplier. By carefully crafting and spreading disinformation, attackers can significantly amplify the impact of cyber incidents. Even the anticipation of certain attack types being imminent can be enough to cause market fluctuations and reputation damage.

This image from Blackbird.AI’s Constellation platform depicts narrative clusters caused by misinformation and disinformation after a recent cyberattack impacted a major brand.

For example, the September cyberattack impacted a prominent casino chain, resulting in over $100 million in losses and disrupting critical systems, marking a significant blow to the company, affecting customer access to services, and potentially leading to data breaches. This incident impacted operations and triggered widespread public distrust, exacerbated by the rapid spread of online misinformation and disinformation. Analysts by Blackbird.AI using our Narrative Intelligence Platform, Constellation, revealed how narratives surrounding the attack evolved, impacting the chain's parent company, other casinos in Las Vegas, and the broader gaming industry. The situation was further complicated by comparisons with Caesars Entertainment, which had opted to pay a ransom in a similar situation, sparking narratives over the chain's decision not to pay and its implications for prioritizing customer convenience over digital security.

The broader implications of the cyberattack extended beyond the casino chain, casting a shadow of doubt over the security of the entire casino industry and beyond, suggesting vulnerabilities in financial institutions and the integrity of U.S. elections. This incident illustrated cyberattacks' significant, long-term impacts on brand reputation, customer loyalty, and public trust, underscoring the need for robust cybersecurity measures, effective incident response plans, and strategic narrative intelligence. Organizations must prepare to navigate not only the technical challenges of cyber threats but also the narrative battles that can influence public perception and competitive dynamics, highlighting the critical role of narrative intelligence in managing and mitigating the fallout from cyber incidents.

This trend is especially apparent in three notable cyber threat categories:

Phishing - Deceptive messages trick users into handing over login credentials or sensitive data. Disinformation gives these messages a veneer of legitimacy, exploiting trust and deceiving targets.

Ransomware - Disinformation tactics enhance the coercion and fear used in ransomware attacks. Deceptive narratives about data leaks boost ransom payments.

Data Breaches - Spreading misinformation about breaches that never happened or exaggerating actual breaches multiplies the reputational damage and customer panic.

Several high-profile cyber attacks over the past two years incorporated calculated disinformation campaigns:

  • In a 2021 ransomware attack on meat supplier JBS, the Russian-linked REvil gang demanded $11 million in bitcoin. The hackers also threatened to release stolen company data, a move designed to add leverage. 
  • A phishing attack against UK charities in 2022-2023 used extremely convincing narratives tailored to each target. The campaign achieved an uncommonly high 43% click rate for embedded links.
  • After the 2020 hack of a major social media platform, in which high-profile accounts were compromised, misinformation circulated about the attack's scope, claiming that massive amounts of user data were also breached.  

These examples showcase how disinformation is now a standard part of the cybercriminal playbook for exploitation, extortion, and destruction.

The Anatomy of a Disinformation Cyberattack 

When executed successfully, a cyberattack amplified by disinformation unfolds in several key phases:

1. The disinformation narrative is carefully crafted based on an extensive reconnaissance of the target organization or sector. Attackers identify key vulnerabilities, pain points, and fears.

2. The narrative is seeded through credible vectors like social media, blogs, or media outlets. Hacker forums on the dark web enable coordinated dissemination for maximum impact. 

3. The disinformation sparks the desired effect. Stock prices fluctuate, customers panic, and employees let their guard down. The narrative makes the target more vulnerable.  

4. The weakened target is hit with a technical attack, often through vectors opened by the disinformation. Data is breached, ransomware is deployed, and funds are stolen.

5. Even after the technical attack ends, the disinformation continues to sow confusion and magnify damage. Reputation loss persists even if systems are restored.

This multi-pronged approach leads to cyber incidents that inflict severe financial, operational, and reputational harm. No sector is immune from these tactics.

The claim was checked by Compass by Blackbird.AI.

Mitigation Strategies 

Defending against disinformation-enabled cyber attacks requires a two-pronged strategy combining proactive monitoring with widespread education:

  • Implement a robust narrative intelligence platform to detect early warning signs of emerging narratives and coordinate campaigns, including on hacker forums.
  • Provide comprehensive awareness training to employees on recognizing phishing attempts enabled by disinformation. Foster a culture of critical thinking.
  • Share narrative intelligence in real-time across industries and sectors. A diverse community defense is stronger against sophisticated attacks.
  • Use advanced analytics to detect unusual activity indicative of social engineering and deceptive narratives. Anomalies often precede an attack.  
  • Develop crisis communication plans to counter disinformation about ongoing or potential breaches. Be prepared to reassure customers, investors, and the public.

The Way Forward

As cyber threats continue to increase in frequency and impact, organizations must take the evolving nature of these attacks seriously. Cybersecurity can no longer just be about installing firewalls and malware scanners. Defending against disinformation campaigns requires a paradigm shift and treating the problem like a cyberattack on perception malware aimed at the mind.

Security teams must expand their focus from purely technical protections to identifying and countering persuasive narratives used before and after cyber incidents. This means implementing new monitoring tools, amplifying education and awareness, improving communication protocols, and collaborating more closely with industry partners. 

The cyber landscape will only grow more perilous in the coming years as hackers combine automation, AI, and sophisticated social engineering tactics. But by adapting new AI-based narrative intelligence defenses today, updating policies, and educating stakeholders, we can detect and neutralize cyber threats' technical and narrative aspects. While threat actors will continue innovating, knowledge and preparation are our best weapons. By recognizing the power of disinformation and moving decisively to address this growing tradecraft, organizations can develop resilience against current and emerging dangers. 

Cybersecurity leaders must expand their aperture to understand new and emerging threats like narrative attracts created by misinformation and disinformation.

‍To learn more about how Blackbird.AI can help you in these situations, contact us here.

Stephen Weber
BLACKBIRD.AI protects organizations from narrative attacks created by misinformation and disinformation that cause financial and reputational harm. Powered by our AI-driven proprietary technology, including the Constellation narrative intelligence platform, RAV3N Risk LMM, Narrative Feed, and our RAV3N Narrative Intelligence and Research Team, Blackbird.AI provides a disruptive shift in how organizations can protect themselves from what the World Economic Forum called the #1 global risk in 2024.