Disinformation and misinformation pose severe threats to businesses and governments. While the terms are often used interchangeably, they mean different things. 

According to the Cybersecurity & Infrastructure Security Agency (CISA), disinformation is false information spread deliberately to mislead or confuse enemies or manipulate public opinion. Misinformation is false information spread unintentionally. It may be mistaken for truth and involve selectively edited images, video or audio.

Artificial intelligence (AI) has exacerbated the disinformation and misinformation problem. AI advancements have made it even easier for cybercriminals to craft, assemble and disseminate false information designed to cause reputational damage and confusion.

The World Economic Forum’s Global Risks Report 2024 ranked AI-generated misinformation as the second-most severe global risk (53%) to emerge over the next two years. According to CrowdStrike and Bank of America’s Cyber Security Journal, disinformation campaigns have a few common themes:

• They target governments to undermine public confidence in their institutions and elections.
• They create false narratives to spread grossly distorted or false stories.
• They hijack legitimate social media posts by spamming the comments sections with false narratives. This gives the impression their fake narrative is public opinion and drowns out opposing viewpoints.
• They leverage content that triggers intense emotions to increase engagement and further spread the information.
• They sow discord by targeting and exploiting deep societal or political divisions.
• They use deepfakes or synthetic media to mislead people and make false information seem credible. Deepfake AI uses digital software, machine learning and face swapping to create convincing image, audio and video hoaxes.
• They use “content farms” or “content mills” to distribute deceptive content. Content farms generate massive quantities of low-quality web content designed to manipulate search engine optimization (SEO) algorithms. Content farms aggressively target popular search terms to drive web traffic to their fake sites.
• They use “botnets” to spread fake news, amplify scam content, drown out other voices and conduct smear campaigns. A botnet is a network of computers infected with malicious code that is controlled as a group without the owners’ knowledge or consent. According to the cybersecurity company Kaspersky, cybercriminals could control thousands or even millions of computers.

Sophisticated digital technology has made it much easier to fabricate and distribute information through various online platforms, like social media, blogs, forums and websites. This situation has led to a surge in disinformation as a service (DaaS), exploiting the vulnerabilities of the digital information ecosystem for profit and power.

What is DaaS?

You’ve heard of software as a service (SaaS). You probably use it as part of your business model. The “as a service” model is a turnkey solution, providing easy setup and use of software with less effort than if you did it yourself.

DaaS is a turnkey service that cybercriminals provide to other criminals. It gives fraudsters the keys to effective disinformation campaigns that are out-of-the-box solutions for chaos.

Just as legitimate businesses use SaaS to streamline their processes, cybercriminals use DaaS to spread false information efficiently. Fraudsters customize their DaaS campaigns using generative AI to provide convincing messaging rapidly. The objective is to influence public opinion through disinformation.

Disinformation campaigns are synonymous with politics, but corporations can be targets, too. DaaS campaigns can target high-profile executives with synthetic tech, like deepfakes. They can use a deepfake to commit a smear campaign on corporate branding, disrupting client confidence. 

DaaS can also be used to smear small businesses, disrupting their business relationships or standing in the community. This malpractice also raises ethical and broader societal issues like promoting hate speech or causing panic during crises. These can have disastrous effects.

How does DaaS help spread disinformation?

A chief danger of DaaS is that it enables cybercriminals to spread disinformation quickly and easily. DaaS and social media are a dangerous combination. Messaging spreads quickly and encourages people to click links back to fake websites, or “proxy websites,” made to look like legitimate sources.

It is difficult for cybersecurity professionals to keep up with the volume of content being created every day. This makes it increasingly hard to distinguish between legitimate and fake news.

A DaaS campaign can be launched by organized crime groups, nation-states or individual hackers hired to generate and distribute content rapidly. This might include fake news, deepfake videos, spam emails and even false positive reviews for products or services. 

Social media platforms have very granular demographic profiles to create tailored campaigns, which helps spread disinformation. Criminals leverage algorithms and content to target individuals based on online behavior to ensure their disinformation messaging engages and influences them.

Spreading false information to tarnish a company’s reputation can lead to dire consequences. It can swiftly result in a loss of consumer trust, tarnished brand image and financial damage. 

DaaS campaigns can even manipulate public opinion to incite a market selloff of stock shares. If a DaaS infiltrates an organization, the disinformation could manipulate upper management and lead to unwise business decisions. It can be hard to undo a false narrative once ingrained.

Mitigating emerging DaaS threats

Add disinformation attacks to your cybersecurity plan, including mechanisms to identify and deal with disinformation attacks. AI and machine learning algorithms can help detect unusual patterns of communication or information spreading across the internet. This may indicate a disinformation campaign against your company or partners.

Train your employees about DaaS and how to distinguish between genuine information and disinformation. Remember, reputable fact-checking sites present an objective take on the topic, providing vetted sources and nothing more. Your employees can fact-check stories using neutral, nonpartisan sources such as:

• AP Fact Check
• FactCheck.org
• Interactive Media Bias Chart
• MediaBias/FactCheck
• OpenSecrets
• PolitiFact
• Snopes
• VoteSmart

Build collaborative partnerships with technology firms, cybersecurity agencies and professional communities to create a united front against DaaS threats. CISA has resources on various topics.

Develop a public relations strategy for a disinformation attack. Your plan should address a response strategy to debunk false information and reassure stakeholders. And report disinformation attacks to CISA so they can dismantle disinformation campaigns.

Disable disinformation attacks

DaaS has seen a considerable uptick due to AI-powered tools that allow criminals to deploy disinformation attacks rapidly. Being proactive about cybersecurity, training employees and including disinformation in your company’s cybersecurity incident response plan are good first steps. Building awareness about the damaging effects of disinformation can help you stay cyber safe and one step ahead.