Endpoint
8/15/2013
06:58 AM
John H. Sawyer
John H. Sawyer
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%

How Attackers Target And Exploit Social Networking Users

A look at the security issues surrounding the use of social networks in the workplace -- and what you can do about them

[The following is excerpted from "How Attackers Target and Exploit Social Networking Users," a new report posted this week on Dark Reading's Advanced Threats Tech Center.]

Five years ago, social networking sites weren't a big problem for businesses. Employees mostly used these sites for personal purposes, which made it easy for IT to create policies and security controls that prevented end users from participating in social networks on corporate systems and networks altogether.

However, all that has changed since organizations have begun exploiting social networks for business purposes, including sales, marketing and customer service. Indeed, what was once seen as a waste of time is now the primary marketing medium for many companies.

Organizations that once put in place controls to block social media are relaxing those settings for certain users and groups within the company. Unfortunately, with the genie out of the bottle, business management and IT have been challenged to figure out how to put controls around the use of social networking that balance security and flexibility.

Part of the problem is that many companies don't understand the real core issue: It's not that attackers are abusing information posted to social networking sites or that they are waging attacks using the sites themselves; it's that employees do not understand the risks associated with the information they post online, and they don't realize the extent of the damage that could occur from a successful attack.

There are a couple of key issues to consider. The first is the very nature of social networks. They were designed as a platform on which users could collaborate and share, mostly (at least in the early days) for personal reasons. The problem is that employees don't necessarily realize that the information they post publicly in these environments can be used in social engineering attacks and for resetting passwords on websites. Their public profiles make it very easy for an attacker to identify employees and often include more than enough details to craft an effective spear phishing attack.

Another contributing factor is age. The amount of information shared and the understanding of social networks are greatly affected by the age of an employee. It's not uncommon for older employees to dismiss social media as a fad and not give it a second thought. On the other hand, employees entering the workforce in the last 10 years or so have grown up with sites like Facebook. They don't think twice about "checking in" when they arrive at a restaurant or posting pictures of their friends and co-workers on Instagram.

It's perhaps not a surprise, then, that users and IT don't see eye to eye when it comes to the dangers of social network use and security. Employees have a hard time grasping how an attacker can leverage the most mundane-seeming information to attack them or their employers. What they must realize is that nearly everything can be used against them -- from who works on the help desk and who works in sales, to where the company picnic was held, to pictures of employees with their identification badges showing, and much, much more.

The Digital Defense report "Social Media Dangers: What Every 'Social Butterfly' Should Know" includes several scenarios to illustrate the types of information attackers find valuable. One example describes how a frustrated employee tweeted on her own Twitter profile that her company's security guard was late for work on a regular basis: "I hate waiting for the security guard who is always late! #atmyoffice." An attacker could use that kind of information to learn employee schedules and the times when it may be easier to break in because the security guard isn't on duty.

In addition to information posted about and b employees, files posted online can expose lots of juicy information about company offices, locations and technology in use. That leaked information is often in the form of metadata, which is information about the data in the file and is embedded in the file itself. Metadata can include, but is certainly not limited to, geolocation information, owner/author/user name, computer names, network shares, IP addresses and application versions.

To read more about the specific ways that attackers take advantage of information on social networking sites -- and what your enterprise can do to protect itself -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
anon7007416268
50%
50%
anon7007416268,
User Rank: Apprentice
8/16/2013 | 5:33:22 PM
re: How Attackers Target And Exploit Social Networking Users
Great article John! Another interesting angle is that many people use the same password for their social media accounts as they do for their work accounts. As such, if a person gains access to one, they can exploit the other.

Jamie Manuel - Dell Software
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.