In the recent cyberattack targeting Vodafone on Feb. 7, the telecommunications company's services were disrupted — including some emergency services in Portugal, such as ambulances and fire response teams.
However, the impact of this attack spread far beyond the temporary disruption to critical services: Propaganda and misinformation spread as a result of the growing polarization of the geopolitical environment during this time of cyberattacks and public unrest. Vodafone is among the private sector's latest victims to the damaging reputational impact of cybercrime — and it won't be the last.
The increasing sophistication of cyberattacks continues to cripple governments, companies, and critical services, with no end in sight. Coupling this with public anxiety around increased tensions among countries, cybercriminals have a frightening opportunity to disrupt the reputations of private critical-infrastructure companies, undermine public trust, and disseminate dangerous propagandic narratives.
People Are Talking
In the week following Vodafone's breach, conversations related to the company's cyberattack skyrocketed online. A rapid, real-time snapshot of the digital public conversation related to Vodafone Portugal showed that nearly 13,000 conversations reaching an audience of over 13 million users instantly produced a complex and critical debate regarding Vodafone. In the resulting digital sphere related to the affected company, three out of five conversations related to Vodafone and the cyberattack mentioned the attack or the resulting service failure. This is where hybrid information operations are most barbed — the reputational impact and discord generated in the aftermath of the digital conversation can often be more damaging than the incident itself.
Although large regions of the online conversation consisted of expected topics in the aftermath of a cyberattack — such as Vodafone employees informing individuals of the service failure and/or promoting other institutional messaging (17.8%) — other vulnerable narratives emerged quickly. Critical comments and conversations included clients complaining about the service interruption and in some cases demanding financial compensation (10.3%), and citizens blaming Vodafone Portugal and its CEO (8%). Unfortunately, however, the third-largest community of users consisted of citizens questioning the cyberattack and linking it with an alleged terrorist attack attempt at a Lisbon university (8%). Others included mockery of Vodafone (5.1%), while some users were concerned and fearful about the potential for additional attacks (3.6%).
In the case of Vodafone, the cyber incident created negative and often false sociopolitical perceptions and skepticism in Portugal — emphasizing and escalating a geopolitical risk that is often the objective of state threat actors. As the Russia-Ukraine tensions and combat continue to increase, so, too, will the number of carefully targeted cyberattacks aimed to generate confusion, hinder communications, and disrupt public confidence in key institutions.
Threats to Portugal and Ukraine are a foreshadowing of what is likely to emerge in other Western countries, with time. In late February, the FBI reported that US private sector companies should be prepared for state-sponsored cyberattacks by Russia.
The strategy behind cybersecurity attacks continues to evolve — in recent years, Russia has utilized "hybrid warfare" by combining cyberattacks and military activity. Russian military also continues to use information operations and information confrontation to create doubt and skepticism over truth. Now, with Russia's invasion of Ukraine underway, the implications of cybercrime during times of global and local crisis puts both private and public sector organizations in jeopardy against threat actors who will take advantage of this time of weakness, paranoia, public skepticism, and fear.
On Feb. 23, hundreds of Ukrainian computers were targeted with a data-wiping software attack that affected a government agency as well as a financial institution. The attack has spread outside the country. Though Russia is primarily being accused as the entity behind the cyberattack, any threat actor could take advantage of this time of confusion and uncertainty to execute attacks for financial or political motives.
Private companies — particularly those delivering critical services — must strategically prioritize responses and defenses against cyber threats. The key to a successful defense includes continuous threat detection for employees who are linked to critical infrastructure in industries such as energy, telecommunications, healthcare and financial services, among others. These industries and its employees are consistently identified as high-value targets in hybrid cyberwar operations.
How Do We Fully Prepare for These Attacks?
Reactivity is simply not enough. To fully prepare for possible attacks and to identify unknown vulnerabilities, companies must implement real-time monitoring for these reputational risks — including both before and after cyberattacks. As we look ahead to possible threats for the US and other countries in 2022, assessing the reputational damage and its derived security risks, as well as the propagandistic effect of the attack, will be an important part of informing an effective, data-driven threat response strategy.