Top 9 Social Media Threats
If 2014 is any indicator, security teams are in for a busy 2015. Attacks are only getting bigger and badder, in terms of scale, volume and method. Enterprises find themselves facing off against brand new attack vectors: most daunting among them — social media. Attackers exploit the virality and trusted nature of social networks to launch low cost, highly effective attacks, ranging from the technical to the behavioral, from phishing and malware to malicious impersonations. As security teams settle in for what will undoubtedly be a busy year, ZeroFOX has compiled a list of the top social media threats & attacks to watch out for in 2015.
1. Executive impersonations
Creating a fake account takes no more than 15 minutes and an internet connection. A well-made fake account can run amok on the social world: sending phishing links and malware to associates, slandering the company, launching social engineering attacks and scamming customers or employees. It’s an extremely low-tech, low cost, high reward attack in the hacker’s arsenal, and, with the rise of social media, it has skyrocketed in popularity. Keep an eye on your executive’s social media presence this year, and ensure all communications are executed from legitimate accounts.
2. Account takeover
An organization’s publicly facing accounts are the ultimate targets for attacks. Once in control of an account, an attacker can do serious damage, be it slander, malware or phishing dissemination, cybervandalism — like what happened to CENTCOM already this year — or even stock manipulation. Organizations must protect their social accounts like any other high-value asset. Two-factor authentication and robust passwords are critical first steps, but organizations also need to be actively monitoring their own accounts for indicators of compromise.
3. Watering hole phishing & malware
Social media has become the source for breaking news and trends, and attackers have quickly learned that virality on this scale is the most effective way to amplify the scope of an attack. By planting malicious links where users are interacting, discussing and sharing, attacks gain steam organically and touch a wide array of potential victims. To make matters worse, 75% of users’ social media passwords were the same as their email passwords. For an attacker, stealing credentials for anywhere online — dating sites, news subscriptions, music and video streaming, forums — is as good as getting a corporate password. The adversary no longer needs a targeted attack to breach an organization; they only need a well-timed catchy link and a social network.
4. Customer scams
Social media is an ideal venue for organizations to interact with customers, clients and prospects. Unfortunately, it’s an ideal venue for attackers to do the same. Malicious actors target an organization’s users by posing as customer support or offering fake discount codes. It is nearly impossible for the average user to distinguish between a coupon and a phishing or malware link. Organizations feel the pain down the road in the form of customer support calls and a shrinking base of loyal customers.
5. Corporate impersonations
The adversary may have a variety of things up their sleeve when they create a corporate impersonation. They could be scamming customers, connecting with and phishing employees, slandering the brand or building followers to “flip” the account. Organizations need to be watching social media for inappropriate usage of their logo, verbiage and brand when assessing all types of social media threats.
6. Information leakage
“Social media” is a difficult term to fully define. Most people’s immediate reaction is the big players — Twitter, Facebook, Pinterest, LinkedIn and YouTube. But the internet itself has gone social. Ben Solis’ excellent infographic, the Conversation Prism, is a good glimpse into just how much falls under social media threats. But it goes beyond even that — hackers are buying and selling personal information on their own deep web discussion boards and marketplaces. This includes email addresses, credit card numbers, personal health information and more. How much of your or your company’s information is publicly available on the social web? Even better question: how much is it selling for?
7. Planning of an attack
Employees, customers and marketers aren’t the only ones exposed to social media threats. Cyber criminals are conducting business on social media, planning attacks — be it DDoS, physical attacks, cyber defacement or hacktivism — coordinating their members and even sharing the occasional cat video. With the right tools in place, organizations can leverage social media as an early warning system, unlocking a treasure trove of attack data that could give security teams the edge.
8. Clickbait attacks
Have you ever seen a headline, in all caps, claiming something almost too amazing to be true? “DRUG COMPANIES HATE THIS DOCTOR WHO FOUND THE SECRET TO WEIGHT LOSS,” “WATCH THIS INSANE VIDEO OF A SHARK EATING A FISHERMAN!,” “APPLE IPADS 95% OFF TODAY ONLY!” “25 KILLED ON CRAZY ROLLERCOASTER EXPLOSION: VIDEO,” “LEAKED NUDES OF EMMA WATSON ARE HOT!” You get the drift. Sensationalist news stories and catchy headlines are common trends for seedy internet journalists — a tactic called clickbaiting. But cyber criminals have known this trick for all too long. By disguising a phishing or malware link beneath a fake news story and distributing it via social media, hackers prey on many fat-fingered and gullible users.
9. Hashtag/traffic hijacking
Chances are, your organization is on social media. For marketers, it’s revolutionary for launching marketing campaigns and reaching potential customers. But it’s just as easy for the attacker to flip the scenario and use your organization’s hashtags as a means to target your company, your employees and your customers. Attackers distribute spam or malicious links with an organization’s hashtags to amplify their message to the target audience. At the most basic level, this tactic hijacks internet traffic — diverting social media users from clicking on the actual corporate link. At worst, attackers phish your people or distribute malware on company hashtags.
How to Keep Kids Safe On Social Media (Excerpts)
Social networking websites, such as Facebook, Snapchat and Twitter, are getting more and more popular – and their users are getting younger and younger. If your kids can’t stay away from social media, make sure you know how to keep them safe online.
Facebook, Twitter, Instagram, Snapchat … social media is everywhere. And no doubt your kids are becoming more and more obsessed with it by the day!
But as with everything in the virtual world, parents need to understand how their children are interacting on social networking sites, as well as potential dangers to be aware of.
Here’s a handy parent’s guide to social media, with plenty of advice on how to protect your child while they post/Tweet/Snapchat …
Social networking websites have exploded in recent years, and can be used to connect people in the virtual world, in both a personal and professional context.
Social networking sites allow registered members to set up personal profiles and then communicate with friends and, if they choose, with individuals they don’t know personally who share their interests. Chat sites for teenagers are usually free to join and open to young people and adults (sites such as Facebook have a minimum age limit of 13 for registered users).
A user will have his own homepage, which lists his personal details (age, location, marital status, for example) alongside a picture and other details about himself – the music he likes, his favourite movie, the football team he supports, etc. He can then utilise his membership to send messages to friends, download games and applications, share photos and music downloads, and chat in real-time.
Users can also join groups, publicise events and invite other users to attend, or start their own blogs. In the case of Facebook and Twitter, they can also provide frequent status updates, broadcasting to those in their networks what they’re up to or how they’re feeling. Perhaps most importantly, members create a listing of friends which allows them to communicate online and gives mutual access to more private content (such as photos).
Privacy is always a concern for any communication exchange carried out online and children often do not understand the risks involved in giving out too much personal information on the Internet.
This is of particular worry when such information is given to an individual who your child doesn’t know personally; they may argue that someone is an ‘online friend’ but to all intents and purposes that person is effectively a stranger.
To many children the online world isn’t the same as the real world and they can often behave in a way they would never do face to face, and say things they would never say, leaving them much more vulnerable in an online environment.
They may also be less protective of personal details such as their mobile phone number or address, which could have undesirable implications for them.
Teenagers and young people need to be very wary of broadcasting events such as birthday parties or ‘the weekend mum and dad are away’ to their online friends.
There have been several cautionary headlines involving children who have posted details of house parties on social networking sites to find their event is gate-crashed by hundreds of unknown people, ending in chaos and police involvement.
Cyberbullying occurs when malicious comments are posted online about an individual and/or that user receives abusive messages or other content.
As social networking allows people to take on a different online persona, this can encourage individuals who wouldn’t be a bully in the real world to take part in unpleasant activities because their real identity can be covered up.
Another risk is that of cyberstalking, or harassment on the Internet. Experts have warned that this unpleasant practice is set to increase in the UK, with most victims being female.
Cyberstalking via social networking sites usually falls into three camps: where an ex pursues the victim because they are angry about a relationship break-up; where a relationship has been initiated online and personal information has been exchanged but that relationship has now soured and those personal details become vulnerable; or where someone is the random victim of a cyberstalker and their pursuer just gets a kick out of the malicious exploitation of online users – unfortunately often children.
The Internet provides access to all kinds of content at the click of a mouse – but not all of that content is suitable for children and young people to see. While you may have the appropriate parental controls set up on your computer your child may still be able to access inappropriate material if someone in their social networking circle makes it available to them.
The most distressing threat to a young person’s safety on social networking sites is that of online grooming. Sadly the possibilities for anonymity that the Internet offers mean that paedophiles use social networking sites and chat rooms to befriend children and teenagers, gaining their trust online with a view to then making actual physical contact with that child.
Once a predator has gained the trust of a child they morph from ‘buddy to bully’, exposing children to inappropriate sexual imagery and content, and manipulating them into doing what they want.
Identity theft isn’t limited to adults and now that more and more children and young people are using the Internet regularly they are becoming more vulnerable to this very serious crime.
The naive posting of personal details on your child’s social networking profile leaves them open to online identity theft, so it’s absolutely vital your child never gives out personal details in any online context, including their address, phone numbers, email, and, if they are older, any bank or credit card information.
In addition to the above it’s worth considering how your child may be impacted emotionally by frequent usage of social networking sites. Some experts have warned that sites such as Facebook and Twitter can have a negative effect on children who are less confident and self-assured, as they can equate their happiness and success as individuals with how many friends they have on Facebook.
Even if a child isn’t being bullied as such, they can experience self-esteem issues if their online network isn’t as big as their friends’, or they have been excluded from a certain online group.
There are also concerns that young people are substituting their online relationships for physical ones, by spending more time in front of the computer than they do in the real world. And by not having to work at friendships, ironing out problems together when they arise – as is the case in the real world (on social networking sites you simply delete someone from your list of friends) – there is a worry that young people are losing their empathy and not developing the social and emotional skills they’ll need as adults.
It would be easy to pull the plug on the home computer after reading the above list of potential threats to your child while using social networking sites. But it’s important to consider how online communication in one form or another is shaping our children’s future.
According to government statistics back in 2007, 55% of children aged 12-15 who used the Internet at home had created a page or profile on a social networking site, which equates to two in five of all this age group in the UK. Indeed 55% of this group accessed social networking sites at home at least once a week.
Most children and young people will have a positive, enjoyable experience when they access their social networking site. But it’s important to supervise your child’s activity to an appropriate extent, without your child feeling you are trying to spy on them.
Obviously much will depend on your child’s age and it becomes trickier to supervise your child once they reach their teens. But by setting some ground rules on home internet usage and showing some interest and understanding of your child’s online activities you’ll be helping to ensure their online experiences are as safe and happy as possible.
General tips for parents
- Take a look at some of the social networking sites yourself to get a feel for what they’re all about – you’ll feel much more comfortable about your child using social networking sites if you understand how they work
- Look at the privacy information or safety tips provided on each social networking site – you’ll usually find such information in either the ‘about us’ sections of websites or in dedicated ‘safety’ and ‘privacy’ sections
- Engage with your children about their experiences on the Internet, without making it seem like you’re snooping on them – this way your child won’t feel worried about speaking to you should an issue arise, such as online bullying or being sent inappropriate content
- Set limits on Internet usage at home – it’s not a good idea for children to spend inordinate amounts of time in front of a screen, be it TV, games console or computer so make sure you set house rules on how the Internet is to be used at home
- Help your child to feel confident about their place in the online community and make sure they know that, just as in the real world, they should never follow the herd if they’re uncomfortable about doing something – peer pressure can make children publish information they may not wish to broadcast, such as the location and date of a forthcoming birthday party
- Ensure your child is the minimum age required to join a social networking site
- Install a tool that allows you to monitor your child’s online activity, limit the amount of time they spend online and even block their ability to send out personal information
- Never give out personal details such as addresses or mobile phone numbers on social networking sites
- Don’t accept friend requests from people you don’t know personally
- Use ‘strong’ passwords and ensure your child never discloses their password to anyone, even a close friend – a ‘strong’ password could be a very random mix of letters and characters
- Select the strongest privacy setting when your child is setting up their online profile
- Be selective about uploading images, status updates and messages, even among trusted friends
- Your child should NEVER agree to meet in person a stranger they’ve been communicating with online
- Make sure your child is aware of the safety functions they can employ when using social networking sites – many of these will have a ‘block’ function to stop unwanted contact with another user
Thanks to ZeroFOX, and thank you for reading Social Media Threats.
Image: ITBusiness Edge, “Beware Security Threats on Five Popular Social Networking Sites”