Endpoint
8/15/2013
06:58 AM
John H. Sawyer
John H. Sawyer
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%

How Attackers Target And Exploit Social Networking Users

A look at the security issues surrounding the use of social networks in the workplace -- and what you can do about them

[The following is excerpted from "How Attackers Target and Exploit Social Networking Users," a new report posted this week on Dark Reading's Advanced Threats Tech Center.]

Five years ago, social networking sites weren't a big problem for businesses. Employees mostly used these sites for personal purposes, which made it easy for IT to create policies and security controls that prevented end users from participating in social networks on corporate systems and networks altogether.

However, all that has changed since organizations have begun exploiting social networks for business purposes, including sales, marketing and customer service. Indeed, what was once seen as a waste of time is now the primary marketing medium for many companies.

Organizations that once put in place controls to block social media are relaxing those settings for certain users and groups within the company. Unfortunately, with the genie out of the bottle, business management and IT have been challenged to figure out how to put controls around the use of social networking that balance security and flexibility.

Part of the problem is that many companies don't understand the real core issue: It's not that attackers are abusing information posted to social networking sites or that they are waging attacks using the sites themselves; it's that employees do not understand the risks associated with the information they post online, and they don't realize the extent of the damage that could occur from a successful attack.

There are a couple of key issues to consider. The first is the very nature of social networks. They were designed as a platform on which users could collaborate and share, mostly (at least in the early days) for personal reasons. The problem is that employees don't necessarily realize that the information they post publicly in these environments can be used in social engineering attacks and for resetting passwords on websites. Their public profiles make it very easy for an attacker to identify employees and often include more than enough details to craft an effective spear phishing attack.

Another contributing factor is age. The amount of information shared and the understanding of social networks are greatly affected by the age of an employee. It's not uncommon for older employees to dismiss social media as a fad and not give it a second thought. On the other hand, employees entering the workforce in the last 10 years or so have grown up with sites like Facebook. They don't think twice about "checking in" when they arrive at a restaurant or posting pictures of their friends and co-workers on Instagram.

It's perhaps not a surprise, then, that users and IT don't see eye to eye when it comes to the dangers of social network use and security. Employees have a hard time grasping how an attacker can leverage the most mundane-seeming information to attack them or their employers. What they must realize is that nearly everything can be used against them -- from who works on the help desk and who works in sales, to where the company picnic was held, to pictures of employees with their identification badges showing, and much, much more.

The Digital Defense report "Social Media Dangers: What Every 'Social Butterfly' Should Know" includes several scenarios to illustrate the types of information attackers find valuable. One example describes how a frustrated employee tweeted on her own Twitter profile that her company's security guard was late for work on a regular basis: "I hate waiting for the security guard who is always late! #atmyoffice." An attacker could use that kind of information to learn employee schedules and the times when it may be easier to break in because the security guard isn't on duty.

In addition to information posted about and b employees, files posted online can expose lots of juicy information about company offices, locations and technology in use. That leaked information is often in the form of metadata, which is information about the data in the file and is embedded in the file itself. Metadata can include, but is certainly not limited to, geolocation information, owner/author/user name, computer names, network shares, IP addresses and application versions.

To read more about the specific ways that attackers take advantage of information on social networking sites -- and what your enterprise can do to protect itself -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
anon7007416268
50%
50%
anon7007416268,
User Rank: Apprentice
8/16/2013 | 5:33:22 PM
re: How Attackers Target And Exploit Social Networking Users
Great article John! Another interesting angle is that many people use the same password for their social media accounts as they do for their work accounts. As such, if a person gains access to one, they can exploit the other.

Jamie Manuel - Dell Software
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.