Monthly Threat Intelligence Insights: PSYOPS in Cyber Security

This month, Ariel Parnes, our Co-founder and COO, is exploring cyber-psychological operations and their impact on cyberattacks.

Video Transcript

Hi everybody, and welcome to Mitiga's Monthly Threat Intelligence Insights Report. Today I'm going to delve into the realm of psychological operations within cyber crime. Psychological operations, also known as PSYOPS, is a military term that refers to the use of information to shape the opinions, emotions, and actions of a chosen target group.

The term comes from military theory, but the concept is also well known outside the military arena. When, in the famous movie The Godfather, Luca Brasi left a horse's head in Woltz’s bed, he was trying to use information to shape the actions of a chosen target. I'm not sure he knew that, but he was conducting a psychological operation.


How can Psychological Operations be used in Cyber Security?

Now, how is that related to cyber security? Well, in the digital age, generating content or information and pushing it to a chosen target is actually one click away. So more and more threat actors are integrating this powerful tool in their cyber attacks to shape opinions, emotions, and actions of a chosen target.

Ransomware and extortionware attacks are the natural ground for psychological operations. When the attackers leave text files which carry messages demanding ransom or else, this is a psychological operation. When they publish a sample of sensitive data demanding ransom to avoid the publication of the rest of the data that they have, this is a psychological operation.

Dealing with Ransomware Attacks

A couple of months ago we at Mitiga dealt with a ransomware attack in which the attacker broke into the victim's Slack and used Slack messages to threaten the security team and force them to stop the investigation and pay the ransom.
         
Luckily enough, we were able to proceed with the investigation using the forensic data lake that we created and managed for the customer before the attack happened in our own environment. We provided a full analysis of the attack and the extent of data exposure within only a couple of hours. This allowed the customer to assess the risk and prevented them from paying the ransom. The psychological operation in this case failed.

PSYOP Attack on MGM

Lately we have been made aware of a new large scale attack, this time on MGM Resorts. In September 2023, a cybercrime group known as ALPHV, or BlackCat, launched a ransomware attack on MGM, leading to a large shutdown of computer systems at casinos and hotels across the US and compromising sensitive customer data.

What is interesting about this cyber attack, however, is the fact that shortly after MGM Resorts notified the public about the attack, the attackers chose to release a statement on their leak site detailing their method of attack and the scope and depth of their access, mocking the failed response of the MGM security team, and saying that they launched the ransomware attack, quote, “...after trying to get in touch with MGM but failing.” It is clear that criminals were trying to sow chaos and confusion among different MGM stakeholders, probably trying to shape their actions.

New SEC Regulations on Cyber Security

The threat actor was definitely conducting a psychological operation. Threat actors are already using psychological operations, but we should expect to see that more. New regulations such as the SEC cyber security disclosure requirements are putting pressure on organizations to disclose cyber attacks sooner. This is a good thing, as it will help raise awareness of cyber crime and make it more difficult for attackers to operate with impunity. However, the new regulations may also incentivize attackers to use psychological operations to their advantage. For example, attackers may threaten to release information about the attack before the victim reports to the regulator, putting at risk the victim's compliance and reputation.

How to Defend Against Psychological Operations?

So is there anything we defenders can do against it? Well, we cannot really prevent the attackers from launching psychological operations, but we can minimize their impact by preparing ahead of time, using the same ingredient that they use: information. The ability to rapidly and clearly lay out what happened, when, how, and where… shortly after an attack is detected allows the defender to create a counter-narrative to the one proposed by the attackers, which usually can lead to reducing, or sometimes even completely preventing, the effect of the psychological operations.

At Mitiga, we developed a solution that allows us to investigate and provide answers to these questions within minutes, enabling a rapid and efficient response during a crisis.

To learn more about our IR2 solution, hit the link to visit our website.