Attacks/Breaches

2/21/2017
12:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Social Media Impersonators Drive Security Risk

A new pool of research digs into the fraudulent social media accounts, a growing threat to individuals and businesses.

The number of social media impersonators grew 11x between December 2014 and December 2016, a sign of a trend threatening businesses and individuals as fake accounts become easier to create.

This finding comes from new research by social media security firm ZeroFOX, which spent two years digging into impersonators using machine learning, natural language processing, image recognition, and other techniques to gauge similarities between fake and legitimate accounts.

"We were analyzing tactics and techniques, trying to understand their motives for performing different types of attacks," says Mike Raggo, chief research scientist at ZeroFOX.

ZeroFOX gained its insight from about 40,000 brand impersonators across six platforms: Facebook, Twitter, Instagram, LinkedIn, Google+, and Youtube. Nearly 1,000 were analyzed in depth; for some, researchers talked with criminals to learn about goals and methodologies.

Attacks span all platforms but are most popular on Facebook, Twitter, and Google+. Their goals vary, but most involve money. With phishing, Raggo explains, they could be seeking credit card information or social network data so they can hijack accounts and broaden their victim pool.

Impersonators employ several techniques: phishing, adware, malware, fraud, counterfeit merchandise, and "follow farming". Their habits are changing. In this research, Raggo explains, he was surprised to see an increase in impostors claiming to verify accounts.

"We saw a number of impersonators, across a number of different networks, exploiting the verification process," he says. Many claim to verify social media accounts for a price, and collect victims' credentials and credit card information in the process. The verification process varies across social platforms; some require fees and some don't.

Fake promoted ads are another trend to watch, he continues. Impostors create ads prompting users to click through to a malicious site. This was surprising, he continues, because social platforms typically require a vetting process for promoted ads. Impersonators can bypass the vetting process by using real brand logos and similar-looking merchandise.

The creation of successful fake accounts takes time and expertise. Many impersonators set up their accounts long before they attack, garner followers, then change their information before they weaponize the account. They continue adopting new names over time to avoid getting caught.

"We saw a lot of impersonator accounts were set up weeks or months in advance," says Raggo. "A lot of accounts had been set up for some time to build a following. Then they change multiple times, transcending multiple accounts or companies over time."

There are several ways impostors try to trick unsuspecting users. They employ link shortening so unsuspecting victims have no idea they're getting phished. They use cropped, flipped, or altered images from legitimate brands to make their false advertising seem real.

This research highlights an interesting challenge for businesses as they figure out how to stay secure in the age of social media. Most organizations are equipped to handle phishing, malicious links, and malware in email -- but how are they positioned to handle social media?

"This is more than a perimeter and endpoint issue," he says. "This is a problem within the cloud, outside the business networks." Perimeter and endpoint security can help squash some of these threats, but they can't tackle all attacks from social media impostors.

Businesses should be monitoring for impersonators, watching for instances of brand hijacking or ads selling counterfeit goods. Finding these accounts isn't easy; anyone can go out and use relevant social apps to create fake profiles.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14339
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
CVE-2018-14340
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
CVE-2018-14341
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
CVE-2018-14342
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
CVE-2018-14343
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.