Cybersecurity in Election Season: What to Know
Welcome to Trend Micro’s monthly newsletter, The Strategic CISO. Discover the latest and most popular blogs from Research, News, and perspectives, a dedicated space for the latest strategic insights, best practices, and research reports to help security leaders better understand, communicate, and minimize cyber risk across the enterprise.
Our goal is to inform security leaders about best practices, the latest industry insights, and more. Let us know what you would like to see from The Strategic CISO newsletter.
Deepfakes and AI-Driven Disinformation Threaten Polls
With the US Presidential election coming up in November, we will see extensive amounts of misinformation campaigns occurring, and this is likely to be done by nation/states, social media influencers, and even campaigns themselves. We’ve seen this done in past elections, so it isn’t a stretch to think this won’t happen again.
The difference today is that many people now use the Internet and/or social media to get their news and information, which has allowed these misinformation campaigns to flourish. Another challenge is adversaries taking over accounts and websites, which can allow them to share their message with the subscribers, customers, or visitors of these places. Hacktivism is on an uptick due to both the Ukraine/Russia and Israel/Hamas conflicts, both of which will be key topics in the upcoming election, and these groups will want to insert their messages into the news.
Technology like AI and Generative AI (GenAI) allows anyone, anywhere in the world, to utilize it to support misinformation campaigns. GenAI can be used to create information in any language, so non-English speaking people can easily create an English-based piece of content that they can share. Note the goal of the person or group is not flawless content production. Analysts and the educated public can usually tell that a particular video or voice is deepfake now. However, their target audience is often distracted by the way they consume news and information in general, which is often from the small screen of the mobile device. They also tend to share very emotionally provoking content quickly. So, even poor-quality deepfakes have viral potential, as they quickly spread and influence a significant portion of the common public.
One of the potential biggest changes compared to the previous elections is the accessibility of AI has significantly grown, and the cost of access to AI technologies, primarily related to the manipulation of digital media, permits non-resourceful players to jump in. The line between manipulation and jokes will be very thin, and the costs of potential misinformation campaigns are affordable to ordinary people and the SMB segment, not just large corporations and state-sponsored actors. This gives significant opportunities to conduct False Flag operations and have initial investigations exposed to individuals and small business entities instead of governments who may be looking to orchestrate this.
Learn more in our blog, "Deepfakes and AI-Driven Disinformation Threaten Polls "
Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
We previously published a number of entries discussing the operations of a China-linked threat actor we track as Earth Lusca. The group, which has been active since at least 2020 and has regularly changed its modus operandi, has been known to launch several different campaigns at the same time.
During our monitoring of this threat actor, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets. We attribute this campaign to Earth Lusca with high confidence based on the tools, techniques, and procedures (TTPs) we observed in previous research.
The attack campaign discussed in this report has likely been active between December 2023 and January 2024, with a file that contained a lure document discussing Chinese-Taiwanese geopolitical issues. This file was created just two days before the Taiwanese national elections and the document seems to be a legitimate document stolen from a geopolitical expert from Taiwan.
Earth Lusca remains an active threat actor that counts cyberespionage among its primary motivations. Organizations must remain vigilant against APT groups employing sophisticated TTPs. In particular, government organizations face potential harm that could affect not only national and economic security but also international relations if malicious actors were to succeed in stealing classified information. Meanwhile, businesses that fall prey to cyberespionage attacks might face a decline in customer trust and operational disruptions that in turn lead to financial repercussions.
Given Earth Lusca's penchant for using email, resorting to social engineering as one of its main avenues of infection, and capitalizing on relevant social and political issues as seen in this campaign, we advise individuals and organizations to adhere to security best practices, such as avoiding clicking on suspicious email and website links and updating software in a timely manner to minimize the chances of falling victim to an Earth Lusca attack.
Read more in our blog, "Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections "
How AI and Disinformation Will Affect Election Security
In a recent conversation with CNET, Jon Clay, VP of Threat Intelligence shared how digital literacy and distinguishing truth from AI-generated content is key as the US heads into the fall election. Read the full story here .
Recommended by LinkedIn
We Expand our AI-Powered Cybersecurity Platform to Combat Accidental AI Misuse and External Abuse
We are introducing new capabilities to protect every person accessing public or private generative AI services across organizations. The new elements in Trend Vision One™ – Zero Trust Secure Access (ZTSA) continue our leadership as the first vendor to focus on securing AI services as well as the people using them across the enterprise:
Building on years of using AI to better protect customers, the newly launched capabilities in Trend Vision One™ help to manage the human risks inherent in using AI. These arrive as additions to proven capabilities for contextualizing alerts and decoding complex scripts, powering threat-hunting queries that can help eradicate credential phishing, recommending customized response actions, and more.
Our experts also provided guidance to the US Cybersecurity and Infrastructure Security Agency (CISA) on possible revisions to its Zero Trust Maturity Model (ZTMM), which aims to help organizations secure emerging tech integrations in their projects.
Eva Chen: "Great advancements in technology always come with new cyber risk. Like cloud and every other leap in technology we have secured, the promise of the AI era is only powerful if protected. Our latest platform updates deliver new efficiencies to security teams and provide critical guidelines for AI use."
Read the full story here .
Rebalancing Cybersecurity For The Future
In a world where cybersecurity must balance innovation with strong principles, this metaphor from our CEO, Eva Chen, reminds us that security should enhance, not hinder, progress. Read more about Eva’s approach to keeping organizations secure here .
Innovist Callout
Innovist Club @ Black Hat 2024 Innovist Club Luncheon Session at Black Hat 2024: Eva presented alongside NVIDIA VP of Software Product Security, Daniel Rohrer, on securing next-generation AI data centers. The session reached maximum capacity, featuring a private discussion with customers about their cybersecurity concerns and collaborative solutions.
Before you go:
Innovist Club @ Black Hat 2024 Innovist Club Luncheon Session at Black Hat 2024:
Eva presented alongside NVIDIA VP of Software Product Security, Daniel Rohrer, on securing next-generation AI data centers. The session reached maximum capacity, featuring a private discussion with customers about their cybersecurity concerns and collaborative solutions.
Innovist Club @ Australia
Trend Micro Innovist Executive Think Tank focused on CISO and CFO Synergy, aiming to empower CISOs in communicating cyber risks effectively within their organizations.
Both ANZ events feature interactive executive coaching sessions, promoting collaboration between cybersecurity leaders and CFOs to drive business growth through digital transformation and cyber resilience.