Endpoint
8/15/2013
06:58 AM
John H. Sawyer
John H. Sawyer
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%
Repost This

How Attackers Target And Exploit Social Networking Users

A look at the security issues surrounding the use of social networks in the workplace -- and what you can do about them

[The following is excerpted from "How Attackers Target and Exploit Social Networking Users," a new report posted this week on Dark Reading's Advanced Threats Tech Center.]

Five years ago, social networking sites weren't a big problem for businesses. Employees mostly used these sites for personal purposes, which made it easy for IT to create policies and security controls that prevented end users from participating in social networks on corporate systems and networks altogether.

However, all that has changed since organizations have begun exploiting social networks for business purposes, including sales, marketing and customer service. Indeed, what was once seen as a waste of time is now the primary marketing medium for many companies.

Organizations that once put in place controls to block social media are relaxing those settings for certain users and groups within the company. Unfortunately, with the genie out of the bottle, business management and IT have been challenged to figure out how to put controls around the use of social networking that balance security and flexibility.

Part of the problem is that many companies don't understand the real core issue: It's not that attackers are abusing information posted to social networking sites or that they are waging attacks using the sites themselves; it's that employees do not understand the risks associated with the information they post online, and they don't realize the extent of the damage that could occur from a successful attack.

There are a couple of key issues to consider. The first is the very nature of social networks. They were designed as a platform on which users could collaborate and share, mostly (at least in the early days) for personal reasons. The problem is that employees don't necessarily realize that the information they post publicly in these environments can be used in social engineering attacks and for resetting passwords on websites. Their public profiles make it very easy for an attacker to identify employees and often include more than enough details to craft an effective spear phishing attack.

Another contributing factor is age. The amount of information shared and the understanding of social networks are greatly affected by the age of an employee. It's not uncommon for older employees to dismiss social media as a fad and not give it a second thought. On the other hand, employees entering the workforce in the last 10 years or so have grown up with sites like Facebook. They don't think twice about "checking in" when they arrive at a restaurant or posting pictures of their friends and co-workers on Instagram.

It's perhaps not a surprise, then, that users and IT don't see eye to eye when it comes to the dangers of social network use and security. Employees have a hard time grasping how an attacker can leverage the most mundane-seeming information to attack them or their employers. What they must realize is that nearly everything can be used against them -- from who works on the help desk and who works in sales, to where the company picnic was held, to pictures of employees with their identification badges showing, and much, much more.

The Digital Defense report "Social Media Dangers: What Every 'Social Butterfly' Should Know" includes several scenarios to illustrate the types of information attackers find valuable. One example describes how a frustrated employee tweeted on her own Twitter profile that her company's security guard was late for work on a regular basis: "I hate waiting for the security guard who is always late! #atmyoffice." An attacker could use that kind of information to learn employee schedules and the times when it may be easier to break in because the security guard isn't on duty.

In addition to information posted about and b employees, files posted online can expose lots of juicy information about company offices, locations and technology in use. That leaked information is often in the form of metadata, which is information about the data in the file and is embedded in the file itself. Metadata can include, but is certainly not limited to, geolocation information, owner/author/user name, computer names, network shares, IP addresses and application versions.

To read more about the specific ways that attackers take advantage of information on social networking sites -- and what your enterprise can do to protect itself -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
anon7007416268
50%
50%
anon7007416268,
User Rank: Apprentice
8/16/2013 | 5:33:22 PM
re: How Attackers Target And Exploit Social Networking Users
Great article John! Another interesting angle is that many people use the same password for their social media accounts as they do for their work accounts. As such, if a person gains access to one, they can exploit the other.

Jamie Manuel - Dell Software
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web