Companies and high-profile individuals are using cyberattacks as a way of discrediting and disrupting their competitors, says Richard Frost, Head of Technology and Innovation at Armata Cyber Security
Cybercrime has been weaponised for years. Companies use hackers to infiltrate competitors and steal data or ruin their reputation.
Fake news and false information are disseminated to erode customer trust. Online smear campaigns are designed to give one company or high-profile person an edge over another.
These cases aren’t as rare as they sound, and they are evolving – the hacks themselves are being used to discredit and disrupt.
False accusations, witch hunts, and distractions – these are some of the core approaches that can be used to damage a competitor or a high-profile person.
Also read, Cybersecurity: Why Hacking yourself Regularly is the Best Way to stay safe
It doesn’t matter whether the company taking credit perpetrated the attack. Their goal is to cast a shadow, to create deeper disruption, and it often works.
False accusations are perhaps one of the most insidious. A company blames someone for a successful attack, creating a witch hunt which has the media and investigators digging into their business and activities.
One of the most well-known cases of such an attack was when the hacking group Anonymous accused a Canadian man of attacking Amanda Todd online.
After a lengthy investigation, the man was cleared, but not after the incident had caused significant damage to his life and reputation.
On the corporate side, ExxonMobil was accused of commissioning hackers to target climate activists, claims that lacked definitive proof.
But what about hacks used as a form of misdirection in a move that’s as old as the Colosseum? There are several notable examples of how hacking accusations were used to misdirect others and distract from other activities.
The Sony breach false claim in 2023 is a prime example. A ransomware group claimed to have hacked the company and stolen information, which had a serious impact on Sony’s reputation.
While Sony did prove the claims were false, the damage had alreadybeen done. Epic Games experienced a similar attack in 2024 when a Russian hacking group made the same claim.
Epic rapidly proved them wrong, but the hacking group got what it wanted – credibility among its peers.
These acts of misdirection and fake claims always have a motive. Money, notoriety, reputational damage or gain, manipulating markets and bringing down a competitor.
While the hack has the headlines, people are too busy watching to notice what is happening in the background. It’s a similar tactic used by cybersecurity companies.
Some tools allow security teams to misdirect attacks. These dummies keep the threats away from the primary systems, distracting them while teams orchestrate a defence.
Then there’s the other element to these attacks. Companies use them to get information from their competitors so they can gain a market advantage.
The Industrial Spy marketplace is exactly what it says on the tin, for example, a marketplace that sells stolen trade secrets to companies willing to pay.
Their packages can cost in the millions. KnowBe4, a security training awareness company, discovered that its new employee was an operative pretending to be a software engineer.
The moment they received their Mac workbook, they started to plant malware in the company. While this example isn’t quite in the same lane as corporate espionage, it was a crime committed by a state operative from North Korea to infiltrate and tear down a US company.
What makes these attacks increasingly vicious is how they’re being twisted to fit new motives or to protect companies from being indicted.
Companies are employing dirty tactics to stay ahead of the game and divert suspicion. Like, getting the hackers to attack them as well as their competitor, so they can claim they had nothing to do with it.
Then, potentially turning accusations around back on their competitors to suggest they were responsible in the first place.
One hand is waving, so the other hand can’t see what’s happening, and the permutations are only growing more convoluted and sophisticated.
Organisations need to pay attention to these threats, recognising that they are introducing complex new ways of affecting business and reputations.
Defending against them needs accurate records, superb security support and visibility into the entire business ecosystem.
Don’t miss important articles during the week. Subscribe to techbuild weekly digest for updates
Click Here For The Original Source.
