Endpoint
8/15/2013
06:58 AM
John H. Sawyer
John H. Sawyer
Quick Hits
50%
50%

How Attackers Target And Exploit Social Networking Users

A look at the security issues surrounding the use of social networks in the workplace -- and what you can do about them

[The following is excerpted from "How Attackers Target and Exploit Social Networking Users," a new report posted this week on Dark Reading's Advanced Threats Tech Center.]

Five years ago, social networking sites weren't a big problem for businesses. Employees mostly used these sites for personal purposes, which made it easy for IT to create policies and security controls that prevented end users from participating in social networks on corporate systems and networks altogether.

However, all that has changed since organizations have begun exploiting social networks for business purposes, including sales, marketing and customer service. Indeed, what was once seen as a waste of time is now the primary marketing medium for many companies.

Organizations that once put in place controls to block social media are relaxing those settings for certain users and groups within the company. Unfortunately, with the genie out of the bottle, business management and IT have been challenged to figure out how to put controls around the use of social networking that balance security and flexibility.

Part of the problem is that many companies don't understand the real core issue: It's not that attackers are abusing information posted to social networking sites or that they are waging attacks using the sites themselves; it's that employees do not understand the risks associated with the information they post online, and they don't realize the extent of the damage that could occur from a successful attack.

There are a couple of key issues to consider. The first is the very nature of social networks. They were designed as a platform on which users could collaborate and share, mostly (at least in the early days) for personal reasons. The problem is that employees don't necessarily realize that the information they post publicly in these environments can be used in social engineering attacks and for resetting passwords on websites. Their public profiles make it very easy for an attacker to identify employees and often include more than enough details to craft an effective spear phishing attack.

Another contributing factor is age. The amount of information shared and the understanding of social networks are greatly affected by the age of an employee. It's not uncommon for older employees to dismiss social media as a fad and not give it a second thought. On the other hand, employees entering the workforce in the last 10 years or so have grown up with sites like Facebook. They don't think twice about "checking in" when they arrive at a restaurant or posting pictures of their friends and co-workers on Instagram.

It's perhaps not a surprise, then, that users and IT don't see eye to eye when it comes to the dangers of social network use and security. Employees have a hard time grasping how an attacker can leverage the most mundane-seeming information to attack them or their employers. What they must realize is that nearly everything can be used against them -- from who works on the help desk and who works in sales, to where the company picnic was held, to pictures of employees with their identification badges showing, and much, much more.

The Digital Defense report "Social Media Dangers: What Every 'Social Butterfly' Should Know" includes several scenarios to illustrate the types of information attackers find valuable. One example describes how a frustrated employee tweeted on her own Twitter profile that her company's security guard was late for work on a regular basis: "I hate waiting for the security guard who is always late! #atmyoffice." An attacker could use that kind of information to learn employee schedules and the times when it may be easier to break in because the security guard isn't on duty.

In addition to information posted about and b employees, files posted online can expose lots of juicy information about company offices, locations and technology in use. That leaked information is often in the form of metadata, which is information about the data in the file and is embedded in the file itself. Metadata can include, but is certainly not limited to, geolocation information, owner/author/user name, computer names, network shares, IP addresses and application versions.

To read more about the specific ways that attackers take advantage of information on social networking sites -- and what your enterprise can do to protect itself -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
anon7007416268
50%
50%
anon7007416268,
User Rank: Apprentice
8/16/2013 | 5:33:22 PM
re: How Attackers Target And Exploit Social Networking Users
Great article John! Another interesting angle is that many people use the same password for their social media accounts as they do for their work accounts. As such, if a person gains access to one, they can exploit the other.

Jamie Manuel - Dell Software
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.