Artificial intelligence (AI) is revolutionizing the business landscape, offering unprecedented efficiency and insight. However, it is also being harnessed by cybercriminals to launch sophisticated cyber attacks. The integration of AI-generated misinformation and disinformation into attack strategies has given rise to a new breed of cyber threat known as the narrative attack.
The World Economic Forum’s annual global risk report highlighted the potential of AI-enabled misinformation and disinformation to destabilize industries and undermine institutions. Disinformation campaigns can manipulate markets, destabilize organizations, and erode trust in public institutions. Bad actors now use large language models, deepfakes, and bot networks to craft persuasive false narratives that exploit biases and erode trust, setting the stage for cyber attacks.
I spoke with Jack Rice, a defense attorney and former CIA case officer, who emphasized the dangers of misinformation and disinformation and provided defense strategies for business and organization leaders. Rice explained that false information aims to sow division in society to gain influence and control, exploiting people’s existing beliefs and biases.
Disinformation-amplified cyber attacks unfold in several phases. It begins with extensive reconnaissance of the target organization or sector, identifying vulnerabilities and fears to exploit. Attackers then craft a disinformation-based narrative designed to manipulate emotions and erode trust. The false narrative is seeded through credible vectors like social media and news outlets, often amplified by bot networks. Cybercriminals launch their technical attack when the target is weakened by disinformation, and even after the attack ends, they continue to spread disinformation to magnify the damage and sow further confusion.
Notable examples of cyber attacks amplified by disinformation include the 2021 ransomware attack on JBS, where attackers demanded a ransom and spread panic among stakeholders and the public. Another example is a phishing campaign targeting UK charities in 2022, where attackers used bespoke disinformation to enhance their phishing attempts, increasing the likelihood of successful breaches.
To defend against AI-enabled disinformation, organizations must have robust narrative intelligence platforms that monitor the digital landscape for emerging narratives. AI-driven systems can detect anomalous activity and narrative patterns in real time, enabling proactive defense. Employee awareness and training are crucial, focusing on recognizing and responding to disinformation, especially in phishing attempts. Regular audits of digital assets and communication channels help identify vulnerabilities.
Businesses should also prioritize cross-sector partnerships, sharing information and mitigation strategies to stay ahead of bad actors. Engaging with academic institutions can provide valuable insights and technologies for preventing disinformation threats.