The Dark Triad brings together three types of online cyber attacks: hacking, misinformation, and trolling. While they can each work independently, they usually feed off each other and become especially potent when working in concert.
Last week, New York City Mayor Bill de Blasio warned residents of a widespread Twitter and text-message misinformation campaign falsely claiming Manhattan was under quarantine.
Around this time, U.S. Attorney General William Barr and U.S. attorneys from various states were also warning residents of spear-phishing emails, fake websites, local phone area code or neighbor- spoofing calls, and text messages making all manner of fake claims.
Some of these attacks were offering free COVID-19 tracking apps only to inject malware; others were spoofing websites such as Johns Hopkins University's website and providing false information; some others were calling and texting residents offering free iPhones, groceries, treatments, cures—and whatever else—preying in our collective anxieties during this pandemic. And this wasn't just happening in the U.S. Similar attacks being reported in Australia and the European Union.
What is the Dark Triad of Cyber Attacks?
The common thread that connects all of these attacks—they are all part of the Dark Triad. You can think of the Dark Triad like a triangle that touches upon each type of security vulnerbility at each tip or side. Cyber attacks consist of misinformation, hacking, or trolling to various degrees. Many times a hacker will use one of these, or often times a combination of each of the three to varying degrees. The idea isn't to incite fear, rather think of it as a way to train and make people aware of how cyber criminals achieve their goals.
We saw the triad at work together during our last presidential election when the Russians hacked into the Democratic National Committee (DNC), used the stolen data to seed misinformation websites, and organized a trolling campaign to reframe, retweet, and relentlessly disseminate the information throughout the U.S. Although it is easy to think of each of these types of attacks as individual vectors, thinking of them as parts of a whole makes it easier to appreciate their impact—and, most importantly, deal with them.
Social Media Helps Cyber Criminals
The triad feeds on fake profiles on social media, phone numbers, and email addresses. For instance, in Erie County, New York, someone impersonated a local TV station and tweeted fake news about the virus. Such attacks are elementary to foment, given the easy access everyone has to social media and VoIP services.
We have left the responsibility of curating content and profiles to individual media organizations, almost all of whom have resorted to internal processes. Their process involves some automation but, given the nuanced and equivocal nature of the content, they primarily rely on human curators, whom they employ by the thousands.
But even during normal circumstances, the process was found lacking. Now, many content curators are at home, and most aren't even allowed to do their work because of the offensive, sensitive, and graphic nature of the content they deal with. This means at the time when social media matters the most for users; its content is most vulnerable to misuse.
Why We Need a Centralized Repository
Instead of creating individual, organizational silos of vital information, we need these organizations to come together and coordinate their efforts. Media organizations should create a centralized data repository in which they pool their profile and content data. This database should be accessible to researchers and other media organizations, especially the regional and local media houses that don't have the depth in technical skills or human resources to keep track of ongoing attacks. A centralized repository of profiles and phones being spoofed would allow us to identify attacks before they become widespread and to inform local agencies and residents.
Barr has asked Americans to report COVID-19 related cyber-attacks to the National Center for Disaster Fraud (by calling 1-866-720-5721 or by emailing [email protected]). But there are already many other federal and local agencies collecting similar reports. This includes the FTC and the purpose-built reporting portal of the FBI's IC3, among many others.
Having users report on various portals needlessly duplicates efforts, not to mention, wastes resources, and confuses users. These efforts also need to be unified. Just as social media profiles and phone numbers are reused, so are spear phishing email accounts, their persuasive ploys, and the malware they carry.
Centrally collecting reports and developing a consumer-focused information portal allows us to track attacks, identify the most virulent ones, and provide support to users—all of who are working from home networks without the benefit of professional IT support.
But all that aside, what can IT and security teams do to proactively protect their end-users?
Steps for IT and Security Teams to Consider
What is essential to consider is that the personal security of a company's employees is now as important as ever to the security of any IT infrstructure. For example, if employees are succumbing to phishing attacks in their personal lives, chances are they are a vector for attack when they are conducting business. One problem that often arises is using the same passwords for personal and business accounts. If one password is compromised, then the other is as well.
The best way to approach this is not to ridicule people who make these mistakes but to make sure that those who are more apt to fall for attacks within the dark triad are getting more rigorous training. You can do this by setting up tests. Partnering with services like KnowBe4, are a great way to understand how employees are interacting with misinformation, trolling, and phishing attacks via email. It may be smart also to include personal emails of employees in this type of program to see if employees are less vigilant when they are not working.
Then there is fortifying your business services, and applications while your employees work from home during the current crisis. Multi-factor authentication and Single Sign-On are both great ways to ensure that the authentication process for those accessing sensitive business data and infrastructure is more robust, rather than just relying on passwords. Another way you can help ensure that your business is protected is to try and eliminate as much shadow IT as possible. Employees working remotely may be more inclined to use their own hardware and software, but this causes an issue of visibility for IT and security teams. It's also a data compliance issue. Implement tools that will encourage effective and secure collaboration while ensuring business continuity.
Finally, at a time of anxiety, people turn to others for information and social support. It is, therefore, our responsibility to ensure that we don't forward along with false information—and give the oxygen necessary for the Dark Triad to function.
To this end, we must become vigilant about the information we encounter on our media feeds. We need to check the sources of information we receive, search online for other corroborating information, report malicious activity we encounter, and become responsible content curators for others in our sphere of influence.
We will, with our collective efforts, overcome this outbreak. For now, it's our responsibility to ensure that neither the virus nor the Dark Triad succeeds.
About The Author
Dr. Vishwanath studies the “people problem” of cybersecurity.
His research focuses on improving individual, organizational, and national resilience to cyber attacks by focusing on the weakest links in cyber security—all of us Internet users.
His particular interest is in understanding why people fall prey to social engineering attacks that come in through email and social media, and on ways we can harness this understanding to secure cyberspace. He also examines how various groups—criminal syndicates, terrorist networks, hacktivists—utilize cyberspace to commit crimes, spread misinformation, recruit operatives, and radicalize others.
You can learn more about Arun on his website https://www.arunvishwanath.us/ .