
TIPS #28: The Cost of (Mis)Information, Manipulation, and Misuse

Shane Shook

May 21, 2025


Issue: In modern business, information is an essential asset that threat actors frequently target, exploit, steal, and manipulate. Protecting and verifying information requires comprehensive risk management and security measures beyond traditional controls.  

In today’s hyperconnected global markets, information is both a business-critical asset and a potential weapon.  

We live in an era of sophisticated AI deepfakes, third-party data and systems, and evolving markets where information is often the target of manipulation and misuse. Adversaries, including malicious insiders, organized hacking rings, and state-sponsored cyber mercenaries, can exploit privileged or manipulated data to gain unfair advantages.

Examples of this exploitation include: 

  • Executing financial trades milliseconds ahead of large legitimate orders for financial gain (frontrunning) 
  • Trading securities using material non-public information for financial gain (illegal insider trading) 
  • Sabotaging company infrastructure or leveraging insider access for gain via subversion/coercion 

Information-based threats straddle both technical and strategic domains, calling into question essential principles of integrity and trust. CISOs and security teams must take a comprehensive view of information risk management, across both internal and external data and systems, to ensure their companies protect and act upon verifiable, trustworthy information.

This requires controls that extend beyond traditional network, data, endpoint, and identity security. While these capabilities are essential, they don’t typically account for the unique risks posed by AI-generated content, opaque vendor systems and data, and workflow automations dependent upon public or third-party data.  

Impact: Flash Crashes, Brand Erosion, Financial Losses, and Regulatory Violations 

When targeting company information or systems, cyber threat actors typically pursue three core objectives: to subvert, sabotage, or steal. In doing so, they employ many social and technical tactics which can cause: 

  • Financial and market damage: Illicit financial trades and subversive actions involving stolen or fabricated data can lead to millions of dollars in firm or customer losses and trigger multibillion-dollar market swings.
  • Reputational harm: Brand sabotage, disinformation, and subversion campaigns can erode customer trust and benefit competitors. 

 

Case studies 

Here are a few notable case studies from the past several years showcasing how information can become a weapon:  

$136.5B Market Dip Triggered by Social Media Disinformation 

In April 2013, a false tweet from a hacked Associated Press account claimed that there were explosions at the White House, briefly wiping out $136.5 billion from the S&P 500 in under three minutes. The market swing was driven by algorithmic trading bots which automatically reacted to the disinformation and executed trades.  

$30M Insider Trading via Press Release Theft 

In 2015, the DOJ charged nine individuals in a large hacking and securities fraud scheme. Between 2010 and 2015, the group stole approximately 150,000 confidential press releases from Marketwired, PR Newswire, and Business Wire ahead of their scheduled distribution. After stealing the press releases, the group executed trade orders using non-public financial information, generating over $30 million in illegal profits.

$47M Frontrunning Scheme 

In 2022, the SEC announced fraud charges against two U.S. citizens for perpetrating a multi-year frontrunning campaign. Between 2016 and 2022, one of the perpetrators, an employee at a major asset management firm, regularly informed the other perpetrator of the firm’s market-moving trades in advance of their execution. The duo netted over $47 million through illicit trades.  

$25M AI Deepfake Fraud 

In early 2024, a novel deepfake scam which cost British multinational engineering firm Arup $25 million was uncovered. A Hong Kong-based employee at Arup received a phishing message supposedly from the company’s CFO. The employee then joined a video call where deepfakes of the CFO and other employees convinced them to make 15 transfers totaling over $25 million to several Hong Kong bank accounts.  

Action: Strengthen your information risk management posture to address internal and third-party threats.  

1. Implement Real-Time Data Monitoring and Posture Management 

Deploy analytics on inbound news feeds and trading signals to detect anomalous correlations between external events and system-generated orders. Symmetry Systems helps companies discover, classify, and safeguard data at scale with its Data Security Posture Management (DSPM) platform, protecting sensitive customer and financial data against cyber threats while ensuring regulatory compliance. 

“In an era where milliseconds and manipulated data streams can move markets and brands, information risk is a board level, mission critical concern for every security team.”

Dr. Shane Shook Venture Partner, Forgepoint Capital

2. Harden External Feed Integrity and Deploy Disinformation Detection 

AI deepfakes, disinformation, and misinformation can undermine the last line of defense: human perception. Enforce strict authentication (TLS, JWTs, API keys) and integrity checks (digital signatures) on market data, social media feeds, and vendor-provided information to prevent spoofing or hijacking. In addition, leverage AI-powered natural language analysis to flag high-impact linguistic anomalies (like “explosions” or “injured”) in news sources and require human validation before automated actions.
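
One way to combine the two controls in this step, as an added example (not code from Forgepoint or any vendor named here): an inbound item is first checked for integrity, then held for a human if it contains high-impact language. HMAC-SHA256 with a shared key stands in for a digital signature, and the key, term list, function names and sample headlines are constructed assumptions.

```python
import hashlib
import hmac
import json

# Assumption: a shared key provisioned out of band with the feed vendor.
# HMAC-SHA256 stands in here for the digital signature the text calls for,
# so the example runs on the standard library alone.
FEED_KEY = b"constructed-demo-key"

# Assumption: illustrative term list; the text names "explosions" and "injured".
HIGH_IMPACT_TERMS = {"explosions", "explosion", "injured"}


def sign(payload: bytes, key: bytes = FEED_KEY) -> str:
    """Vendor side: tag the exact bytes that will be sent."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def gate(payload: bytes, tag: str, key: bytes = FEED_KEY) -> tuple[str, str]:
    """Return (decision, reason): REJECT, HOLD_FOR_REVIEW or ALLOW."""
    # 1. Integrity and origin: verify the tag before parsing anything.
    if not hmac.compare_digest(sign(payload, key).encode(), tag.encode()):
        return "REJECT", "bad integrity tag"
    try:
        item = json.loads(payload)
        words = {w.strip(".,!?:;\"'").lower() for w in item["headline"].split()}
    except (ValueError, KeyError, AttributeError, TypeError):
        return "REJECT", "malformed item"
    # 2. An authentic item can still be false (a hijacked but legitimate
    #    account), so high-impact language never triggers automation directly.
    hits = sorted(words & HIGH_IMPACT_TERMS)
    if hits:
        return "HOLD_FOR_REVIEW", "high-impact terms: " + ", ".join(hits)
    return "ALLOW", "verified, no high-impact terms"


if __name__ == "__main__":
    # Constructed sample items, not real feed data.
    routine = json.dumps({"headline": "Central bank holds rates steady"}).encode()
    alarming = json.dumps({"headline": "Breaking: Two explosions reported, officials injured"}).encode()
    print(gate(routine, sign(routine)))
    print(gate(alarming, sign(alarming)))
    print(gate(alarming, sign(routine)))  # tag does not match payload
```

The second check matters because the 2013 case above involved a genuine account that had been hijacked: transport and integrity checks would have passed, so only the hold-for-review step stands between the item and automated trading.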

GetReal Security helps companies detect and mitigate malicious generative AI threats to restore trust with advanced content verification capabilities designed to stop the latest deepfake and impersonation attacks.  

“Deepfakes are becoming more sophisticated, and with that comes their growing potential as a targeted and calculated weapon. From large-scale misinformation campaigns to highly personalized attacks, these threats stretch beyond simple manipulation, posing serious challenges to trust, authenticity, and cybersecurity.”

Dr. Yonesy Núñez CISO, The Depository Trust & Clearing Corporation (DTCC)

3. Enhance Insider and Third-Party Controls 

Extend least privilege and supervised review workflows to systems ingesting sensitive information, including partner APIs and cloud hosted services. 

RAD Security’s AI workflows continuously gather and analyze threat data to protect cloud and AI deployments as companies grow.  

SPHERE empowers companies to mitigate risk across the entire identity perimeter, delivering full identity visibility and eliminating permissions sprawl.  

“We must establish new security principles and implement robust controls that enable the swift adoption of cloud services while protecting customers from their providers' vulnerabilities... we need sophisticated authorization methods, advanced detection capabilities, and proactive measures to prevent the abuse of interconnected systems.”

Pat Opet Global CISO, JPMorgan Chase

4. Integrate Incident Response and GRC 

Codify information-driven risk scenarios like flash crash drills into tabletop exercises and ensure IR playbooks cover both cyber and market conduct violations. Surefire Cyber helps companies create, assess, and implement IR playbooks and plans to prepare for incidents including insider subversion, data theft, ransomware, and email compromise.  

5. Continuous Compliance and Auditing

Financial services firms should schedule regular reviews of trading and communications logs in comparison to regulatory enforcement action patterns to self-detect emerging risks. Hyperproof helps firms understand FINRA compliance gaps and keep up with regulatory changes while reducing evidence collection and audit preparation workloads. 

“Compliance has evolved to become a reflection of a company's security posture. Just as security requires continuous engagement of a disciplined team, so does compliance. Continuous compliance is the modern approach to protect your organization, reduce risk and care for your reputation.”

Craig Unger CEO and Founder, Hyperproof

Pat Opet’s quote is derived from “An open letter to third-party suppliers” and incorporated with his permission.