Fake News, Deepfake Threats in Play for Security Providers

Written by Pam Baker
July 26, 2019

Battling these emerging threats presents a new opportunity for MSSPs. Here’s how.

MSSPs are aware that the attack surface is expanding. But they might not yet realize that it’s branching out into new spaces like fake news too.

Fake news and deepfake threats are “not exactly a cybersecurity issue in terms of the usual data theft or operational disruption of services,” said Chris Morales, head of security analytics at Vectra. Instead, fake news and deepfakes threaten a company’s reputation or brand value and can be extremely damaging. Can MSSPs help protect against these attacks too? And if so, could this be a new revenue stream for security providers?

Framing the Fake News and Deepfake Threats

Deepfake videos are already making an impact on companies — even on tech companies with software in place to detect and quell fake news. For example, a deepfake video of Facebook’s Mark Zuckerberg recently tested the social media giant’s fake video policies and broke through its safeguards.

Deepfakes can take many different approaches in the quest to harm a brand or individual. Some examples include fake sex tapes, political statements, urgings of civil unrest, racist or sexist commentary, crime surveillance videos, and other damaging “evidence” of misdeeds. Deepfakes and fake news threats can also serve as extensions to, or improvements upon, existing threats like phishing.

Webroot’s Hal Lonas

“Cybersecurity professionals know that this technology is now being used to create high-fidelity phishing attacks where the phishing target – such as a financial institution, health care provider, auction site, or email provider – is indistinguishable from the real entity,” explains Hal Lonas, chief technology officer at Webroot.

“You can also imagine scenarios where a competitor creates a deepfake video with another company’s CEO making false statements, or user testimonials reporting problems with the company’s products. As a result, MSSPs and MSPs should consider ways to help protect themselves and their customers.”

Often victims have no idea the deepfakes or fake news is on the internet until it’s spread too far to stop and the damage is done. There are no data backups or antivirus software capable of finding these threats, much less stopping them.

How MSSPs Can Help Stem Fake News, Deepfake Threats

“If as an MSSP you are supporting the security risk-management process for your customers, then the risks associated with fake news should definitely be considered,” said Joakim Sundberg, CEO and Founder of Baffin Bay Networks.

Baffin Bay’s Joakim Sundberg

“Many of the risks can vary quite a bit based on the industry verticals you support,” Sundberg added. “As you’re considering the who, the how and the whys of fake news, it is important to consider future uses by customer’s competitors, disgruntled former employees, hacktivists and potentially organized crime if they figure out a way to monetize it.”

While there are some tools and platforms that can assist MSSPs in dealing with this line of threats, new AI applications look to be the best counter to the AI creating this stuff in the first place. But that’s not to say this will be an easy task.

The sheer scale of proactive monitoring and news validation is daunting and “very tedious using human capital,” says Morales. This makes it a perfect candidate for …