


The Next Big Cybercrime Vector: Social Media

Social Media Security Risks


With attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data protection, and intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts believe the next wave of enterprise hacking will be carried out via social media channels.

Social networks such as Facebook, LinkedIn, and Twitter have become ubiquitous. They help us connect with friends and family, find jobs, share experiences, promote personal interests and business offerings. Social networks have also become a powerful political tool, as the uprising in the Middle East has demonstrated.

Government and businesses around the world now recognize the power and benefits of social networks for mass communications, news distribution, as well as promotion of products and services. However, when combined with social engineering efforts, they also have a dark side and pose a tremendous risk to organizations in today’s interconnected world.

A good example was the “Newscaster” or “Charming Kitten” cyber-attack, which made headlines earlier this year. The attack, according to a report by threat intelligence provider iSIGHT Partners, originated in Iran and primarily targeted senior U.S. military and diplomatic personnel, congressional personnel, Washington D.C. journalists, think tanks, defense contractors, and United States allies overseas. This state-sponsored attack used fake personas on social networking sites (e.g., Facebook, LinkedIn, Twitter, Google+) to establish trust relationships that were later exploited to distribute malware designed to steal passwords and sensitive information. Based on the findings, the attack managed to go undetected from at least 2011, and some of the malware continues to go undetected by many signature-based security tools.

Social media cyber war is nothing new though. As a matter of fact, the first reported incidents date back more than a decade when hackers in St. Petersburg shut down the website of a nuclear power plant and spread a rumor via social media outlets that a nuclear melt-down had occurred. The incident caused a major panic until it was declared to be a hoax.

Since then, due to the mass adoption of social networks, the risk posed by social media has increased dramatically.

According to Symantec’s 2014 Internet Security Threat Report, the primary motive behind social networking attacks is monetary gain. The report outlines that phishing attacks are evolving, “moving further away from email and into the social media landscape.” Nonetheless, the same techniques that security professionals have observed in phishing and spam emails are being leveraged in social media campaigns. These include, but are not limited to:

• Fake Offers, which often require the user to share credentials;

• “Likejacking”, whereby fake “Like” buttons install malware to ultimately gain access to the user’s computer;

• Fake Plug-ins, tricking users into downloading fake Internet browser extensions, which can pose as legitimate extensions, but in reality steal sensitive information from the infected machine; and

• Fake Apps, tricking users into installing a supplemental application that appears to be integrated for use with a social network, but is used to steal access credentials.

According to Symantec, fake offers accounted for the largest number of social media based attacks in 2013, with 81 percent, compared with 56 percent in 2012.

Despite the increased frequency of these attacks, the risk level associated with social media threats has yet to reach its zenith. Most businesses are still struggling with the fundamentals, such as creating enforceable social media policies for their employees. Social media warfare will only accelerate the need to manage this new threat vector.

To address social media risks, there are a number of steps organizations can take, including:

1. Expand User Awareness Training

While social media attacks rely on the same lures seen in phishing and spam emails, it is important to expand an organization’s end user security awareness training programs to cover the social engineering methods and techniques used in social networks. Users should be taught to be wary of social media requests from unknown individuals and provided with safety guidelines on how to use social networks in their work environment.

2. Create a Social Media Policy

Beyond extending an organization’s security awareness training program, create a social media policy for employees. A social media policy can be a first line of defense to mitigate risk for both the organization and the employee. While many organizations may already have a confidentiality agreement in place, it might not be enough in the context of social media threats. Adding a few lines to the employee handbook to clarify that the confidentiality agreement covers employee interactions on social media sites, and to cross-reference the security awareness training program, might suffice. It is preferable, however, to create a separate social media policy that is accessible to employees so they are aware of its existence.

3. Leverage Social Media Threat Intelligence

Security professionals sometimes neglect threats as part of risk assessments to focus on known, more visible facts – vulnerabilities and control failures. However, as the volume of vulnerabilities that an organization is exposed to has exploded over the last few years, it has become almost impossible to remediate all of them without vetting the impact and likelihood of exploitation. Since threats are used to take advantage of vulnerabilities, they are essential in the risk assessment process and can no longer be treated as a neglected stepchild.

Therefore, security operations teams should leverage threat intelligence to gather insight into the capabilities, current activities, and plans of potential threat actors (e.g., hackers, organized criminal groups, or state-sponsored attackers) to anticipate current and future threats. Some commercial threat intelligence services now provide offerings that focus specifically on social media threats which provide early warning indicators when it comes to social network attacks.

For all the benefits that social media networks provide, organizations must recognize that they present a double-edged sword when it comes to security. Therefore, a proactive approach is necessary to prevent social media from becoming the next big cyber-crime vector that puts an organization’s brand at risk.


Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
