With attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data protection, and intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts believe the next wave of enterprise hacking will be carried out via social media channels.
Social networks such as Facebook, LinkedIn, and Twitter have become ubiquitous. They help us connect with friends and family, find jobs, share experiences, promote personal interests and business offerings. Social networks have also become a powerful political tool, as the uprising in the Middle East has demonstrated.
Government and businesses around the world now recognize the power and benefits of social networks for mass communications, news distribution, as well as promotion of products and services. However, when combined with social engineering efforts, they also have a dark side and pose a tremendous risk to organizations in today’s interconnected world.
A good example was “Newscaster” or “Charming Kitten” cyber-attack, which made headlines earlier this year. The attack, according to a report by threat intelligence provider iSIGHT Partners, originated in Iran and targeted primarily senior U.S. military and diplomatic personnel, congressional personnel, Washington D.C. journalists, think tanks, defense contractors, and United States allies overseas. This state-sponsored attack used fake personas on social networking sites (e.g., Facebook, LinkedIn, Twitter, Google+) to establish trust relationships that were later exploited to distribute malware designed to steal passwords and sensitive information. Based on the findings, the attack managed to go undetected from at least 2011, and some of the malware continues to go undetected by many signature-based security tools.
Social media cyber war is nothing new though. As a matter of fact, the first reported incidents date back more than a decade when hackers in St. Petersburg shut down the website of a nuclear power plant and spread a rumor via social media outlets that a nuclear melt-down had occurred. The incident caused a major panic until it was declared to be a hoax.
Since then, due to the mass adoption of social networks, the risk posed by social media has increased dramatically.
According to Symantec’s 2014 Internet Security Threat Report, the primary motive behind social networking attacks is monetary gain. The report outlines that phishing attacks are evolving, “moving further away from email and into the social media landscape.” Nonetheless, the same techniques that security professionals have observed in phishing and spam emails are being leveraged in social media campaigns. These include, but are not limited to
• Fake Offers, which often requires the user to share credentials;
• “Likejacking”, whereby fake “Like” buttons install malware to ultimately gain access to the user’s computer;
• Fake Plug-ins, tricking users to download fake Internet browser extensions, which can pose as legitimate extensions, but in reality steal sensitive information from the infected machine; and
• Fake Apps, tricking users to install a supplemental application that appears to be integrated for use with a social network, but is used to steal access credentials.
According to Symantec, fake offers accounted for the largest number of social media based attacks in 2013, with 81 percent, compared with 56 percent in 2012.
Despite the increased frequency of these attacks, the risk level associated with social media threats has yet to reach its zenith. Most businesses are still struggling with the fundamentals, such as creating enforceable social media policies for their employees. Social media warfare will only accelerate the need to manage this new threat vector.
To address social media risks, there are a number of steps organizations can take, including:
1. Expand User Awareness Training
While social media attacks rely on the same lures seen in phishing and spam emails, it is important to expand an organization’s end user security awareness training programs to cover the social engineering methods and techniques used in social networks. Users should be taught to be wary of social media requests from unknown individuals and provided with safety guidelines on how to use social networks in their work environment.
2. Create a Social Media Policy
Beyond extending an organization’s security awareness training program, create a social media policy for employees. A social media policy can be a first line of defense to mitigate risk for both the organization and the employee. While many organizations may already have a confidentiality agreement in place, it might not be enough in the context of social media threats. Adding a few lines in the employee handbook to clarify that the confidentiality agreement covers employee interactions on social media sites and cross-reference to the security awareness training program might suffice. It is preferable, however, to create a separate social media policy that is accessible to employees so they are aware of its existence.
3. Leverage Social Media Threat Intelligence
Security professionals sometimes neglect threats as part of risk assessments to focus on known, more visible facts – vulnerabilities and control failures. However, as the volume of vulnerabilities that an organization is exposed to has exploded over the last years, it has become almost impossible to remediate all of them without vetting the impact and likelihood of exploitation. Since threats are used to take advantage of vulnerabilities, they are essential in the risk assessment process and can no longer be treated as a neglected step child.
Therefore, security operations teams should leverage threat intelligence to gather insight into the capabilities, current activities, and plans of potential threat actors (e.g., hackers, organized criminal groups, or state-sponsored attackers) to anticipate current and future threats. Some commercial threat intelligence services now provide offerings that focus specifically on social media threats which provide early warning indicators when it comes to social network attacks.
For all the benefits that social media networks provide, organizations must recognize that they present a double-edged sword when it comes to security. Therefore, a pro-active approach is necessary to prevent social media from becoming the next big cyber-crime vector which puts an organization’s brand at risk.
Related Reading: Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation