In today’s digital landscape, the rapid dissemination of information online has significantly transformed how we perceive and respond to cyber breaches. However, a growing concern is the rise of misinformation surrounding these incidents. Recent high-profile cyber breach reports, many of which have turned out to be false or misleading, have created an atmosphere of uncertainty, making it increasingly difficult to distinguish fact from fiction. This article examines the challenges posed by cyber breach misinformation, the tactics used by cybercriminals to exploit this confusion, and the broader implications for cybersecurity.
The Rise of Cyber Breach Misinformation
Over the past few months, the prevalence of false or misleading cyber breach reports has escalated. This trend is fueled by various factors, including the speed at which information spreads online and the motivations of cybercriminals to create panic and pressure organizations into paying ransoms quickly. For instance, in late January, a person claimed on a hacking forum to be selling data for 48,606,700 Europcar.com customers. Europcar later confirmed that the data was fake and generated using artificial intelligence.
Several incidents illustrate the growing problem of cyber breach misinformation:
LockBit and Fulton County, Georgia: In late February, the ransomware group LockBit reemerged with new dark web sites after being disrupted by law enforcement. They threatened to release stolen files from Fulton County, Georgia, unless a ransom was paid. Fulton County called their bluff, and no stolen files materialized.
Epic Games and Mogilevich: The same month, a group called Mogilevich claimed to have hacked Epic Games and stolen 189GB of data, which Epic Games denied. Mogilevich later admitted the claims were false, acknowledging their intent to scam for quick cash.
US Environmental Protection Agency (EPA): In early April, a threat actor named DoD claimed to have stolen three gigabytes of data from the EPA. The EPA confirmed that the data was publicly available and not the result of a breach.
Change Healthcare and RansomHub: In mid-April, RansomHub claimed to have stolen four terabytes of data from Change Healthcare. Although cybersecurity experts believed the claims might be valid, confusion persisted about RansomHub’s true identity and motives.
The increasing frequency of such false reports creates a web of misinformation, complicating the task of discerning the truth about cyber incidents. This environment makes it challenging for organizations to respond effectively and for the public to understand the real risks.
Tactics Used by Cybercriminals
Cybercriminals often use misinformation as a tactic to pressure organizations into paying ransoms quickly. Troy Hunt, founder of the data breach search website HaveIBeenPwned, emphasizes the importance of recognizing that “the folks we’re dealing with here are criminals, and their motives are clearly not pure. They’ll construct whatever narrative they need to service their own requirements.”
Hackers frequently make exaggerated or false claims about the extent of data breaches to create urgency and force organizations to act before they can thoroughly investigate. Brett Callow, a threat analyst at Emsisoft, explains that criminals try to push organizations into paying quickly, often based on bluffs. They aim to prevent organizations from having enough time to conduct forensics and realize the data loss is not as significant as claimed.
Recent disruptions by law enforcement have created greater turmoil in the threat actor world, making ransomware operations less predictable. Callow notes that increased disruptions have led to a more chaotic and unpredictable ecosystem. For example, in the case of RansomHub, Change Healthcare paid $22 million to AlphV, but AlphV allegedly kept the money without paying the affiliate, leading to further extortion attempts.
The Role of Media and Online Platforms
The rapid spread of false data breach reports is exacerbated by the role of media and online platforms. In a blog post, Troy Hunt highlighted that certain Twitter accounts amplify incidents reported on hacking forums and dark web sites, giving them greater visibility. This amplification often brings incidents that might have remained on the fringe into the spotlight, where they attract more attention and scrutiny.
The proliferation of breach reports online makes it difficult to verify the accuracy of each claim. Hunt points out that while most reported incidents are genuine, the sheer volume of data breaches requires thorough due diligence and verification. Press outlets, in their race to land scoops, sometimes uncritically report incidents posted on leak sites without adequate verification, contributing to the spread of misinformation.
Security researchers also play a role in the spread of misinformation. Callow criticizes some researchers who, in their quest to build a following, tweet details of every breach they come across, often assisting criminals in the process. Responsible reporting and verification are crucial to maintaining the integrity of cybersecurity information.
The Role of Companies in Misinformation
Companies themselves can contribute to misinformation by initially denying breaches, only to later confirm them. AT&T, for example, initially denied a 2021 breach affecting 71 million customers, only to later confirm that the breach affected 73 million customers. This pattern of denial followed by admission further complicates the public’s understanding of cyber incidents.
Transparency is vital in combating misinformation. Companies should strive to be forthcoming about breaches and work with journalists and security researchers to verify the facts. As Hunt emphasizes, “The truth is always there in the data. It’s just a question of analyzing it.”
Addressing the Misinformation Problem
Addressing the problem of cyber breach misinformation requires a multifaceted approach involving skepticism, due diligence, and transparency. Here are some strategies to consider:
Until there is concrete evidence to support a breach claim, it should be treated with skepticism. Journalists and security professionals should rigorously verify the details of reported incidents before disseminating them widely. Asking threat actors to prove their claims and examining the data for indicators of legitimacy can help uncover the truth.
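One way to examine a claimed "proof" sample for indicators of legitimacy is to compare it against the organization's own records. The sketch below is an added example, not a tool named in this article; the record layout, field names, sample rows and the 0.5 threshold are all constructed assumptions.

```python
import csv
import io

# Constructed stand-in for a lookup against the real system of record.
INTERNAL = [
    {"email": "alice.martin@example.com", "name": "Alice Martin", "postcode": "75011"},
    {"email": "b.osei@example.com", "name": "Ben Osei", "postcode": "69002"},
    {"email": "c.ruiz@example.com", "name": "Carla Ruiz", "postcode": "31000"},
]

# Constructed sample, shaped like an excerpt posted to back up a breach claim.
CLAIMED_SAMPLE = """email,name,postcode
Alice.Martin@example.com ,alice martin,75011
b.osei@example.com,Robert Smith,10001
x1@example.net,John Doe,00000
x2@example.net,Jane Doe,00000
x2@example.net,Jane Doe,00000
"""

def norm(value):
    """Case- and whitespace-insensitive form used for comparison."""
    return " ".join((value or "").strip().lower().split())

def triage_sample(sample_csv, internal_rows, key="email", fields=("name", "postcode")):
    """Count how many claimed records exist internally and agree on secondary fields."""
    index = {norm(r[key]): r for r in internal_rows}
    rows = list(csv.DictReader(io.StringIO(sample_csv)))
    seen, known, consistent, duplicates = set(), 0, 0, 0
    for row in rows:
        k = norm(row.get(key))
        if not k:
            continue                      # unusable row: no identifier to check
        if k in seen:
            duplicates += 1               # padding a sample with repeats is itself a signal
            continue
        seen.add(k)
        match = index.get(k)
        if match is None:
            continue
        known += 1                        # identifier exists in our records
        if all(norm(row.get(f)) == norm(match[f]) for f in fields):
            consistent += 1               # secondary fields agree as well
    return {"rows": len(rows), "unique": len(seen), "duplicates": duplicates,
            "known": known, "consistent": consistent}

def verdict(report, threshold=0.5):
    if report["unique"] == 0:
        return "no usable records"
    if report["known"] == 0:
        return "no overlap with internal records"
    if report["consistent"] / report["unique"] >= threshold:
        return "consistent with internal records: escalate"
    return "partial overlap: investigate further"
```

A match on the identifier alone is weak evidence, since the same values may already be publicly available, as in the EPA case above; agreement on non-public secondary fields carries more weight.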
Companies that experience breaches or are the subject of false breach reports should prioritize transparency. Shining a light on incidents and collaborating with cybersecurity experts and the government can help provide accurate information and reduce the leverage of threat actors. Callow suggests that “the more light can be shone on it, the better.”
Media outlets and security researchers have a responsibility to report breaches accurately and responsibly. Avoiding sensationalism and focusing on verified information can help mitigate the spread of misinformation. Journalists should balance the public’s right to know with the potential consequences of aiding criminals through unverified reports.
Ultimately, reducing the incidence of breaches is the most effective way to address the misinformation problem. Companies should invest in robust cybersecurity measures, including regular security assessments, vulnerability scans, and employee training. Adopting best practices and frameworks, such as those provided by the National Institute of Standards and Technology (NIST), can help organizations develop effective incident response strategies.
Conclusion
The rise of cyber breach misinformation presents significant challenges for organizations, cybersecurity professionals, and the public. False or misleading reports create confusion and hinder effective responses to genuine threats. Addressing this issue requires a concerted effort to promote transparency, verify information, and enhance cybersecurity measures. As we navigate this complex landscape, it is crucial to remember that the truth lies in the data, and rigorous analysis is essential to uncovering it. Personally, I believe that by fostering a culture of transparency and collaboration, we can mitigate the impact of misinformation and create a more secure digital environment.