Endpoint
8/15/2013
06:58 AM
John H. Sawyer
John H. Sawyer
Quick Hits
50%
50%

How Attackers Target And Exploit Social Networking Users

A look at the security issues surrounding the use of social networks in the workplace -- and what you can do about them

[The following is excerpted from "How Attackers Target and Exploit Social Networking Users," a new report posted this week on Dark Reading's Advanced Threats Tech Center.]

Five years ago, social networking sites weren't a big problem for businesses. Employees mostly used these sites for personal purposes, which made it easy for IT to create policies and security controls that prevented end users from participating in social networks on corporate systems and networks altogether.

However, all that has changed since organizations have begun exploiting social networks for business purposes, including sales, marketing and customer service. Indeed, what was once seen as a waste of time is now the primary marketing medium for many companies.

Organizations that once put in place controls to block social media are relaxing those settings for certain users and groups within the company. Unfortunately, with the genie out of the bottle, business management and IT have been challenged to figure out how to put controls around the use of social networking that balance security and flexibility.

Part of the problem is that many companies don't understand the real core issue: It's not that attackers are abusing information posted to social networking sites or that they are waging attacks using the sites themselves; it's that employees do not understand the risks associated with the information they post online, and they don't realize the extent of the damage that could occur from a successful attack.

There are a couple of key issues to consider. The first is the very nature of social networks. They were designed as a platform on which users could collaborate and share, mostly (at least in the early days) for personal reasons. The problem is that employees don't necessarily realize that the information they post publicly in these environments can be used in social engineering attacks and for resetting passwords on websites. Their public profiles make it very easy for an attacker to identify employees and often include more than enough details to craft an effective spear phishing attack.

Another contributing factor is age. The amount of information shared and the understanding of social networks are greatly affected by the age of an employee. It's not uncommon for older employees to dismiss social media as a fad and not give it a second thought. On the other hand, employees entering the workforce in the last 10 years or so have grown up with sites like Facebook. They don't think twice about "checking in" when they arrive at a restaurant or posting pictures of their friends and co-workers on Instagram.

It's perhaps not a surprise, then, that users and IT don't see eye to eye when it comes to the dangers of social network use and security. Employees have a hard time grasping how an attacker can leverage the most mundane-seeming information to attack them or their employers. What they must realize is that nearly everything can be used against them -- from who works on the help desk and who works in sales, to where the company picnic was held, to pictures of employees with their identification badges showing, and much, much more.

The Digital Defense report "Social Media Dangers: What Every 'Social Butterfly' Should Know" includes several scenarios to illustrate the types of information attackers find valuable. One example describes how a frustrated employee tweeted on her own Twitter profile that her company's security guard was late for work on a regular basis: "I hate waiting for the security guard who is always late! #atmyoffice." An attacker could use that kind of information to learn employee schedules and the times when it may be easier to break in because the security guard isn't on duty.

In addition to information posted about and b employees, files posted online can expose lots of juicy information about company offices, locations and technology in use. That leaked information is often in the form of metadata, which is information about the data in the file and is embedded in the file itself. Metadata can include, but is certainly not limited to, geolocation information, owner/author/user name, computer names, network shares, IP addresses and application versions.

To read more about the specific ways that attackers take advantage of information on social networking sites -- and what your enterprise can do to protect itself -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
anon7007416268
50%
50%
anon7007416268,
User Rank: Apprentice
8/16/2013 | 5:33:22 PM
re: How Attackers Target And Exploit Social Networking Users
Great article John! Another interesting angle is that many people use the same password for their social media accounts as they do for their work accounts. As such, if a person gains access to one, they can exploit the other.

Jamie Manuel - Dell Software
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7437
Published: 2015-03-29
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

CVE-2013-7438
Published: 2015-03-29
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based ...

CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.