Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/6/2016
10:00 AM
Nick Hayes
Nick Hayes
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Why Social Media Sites Are The New Cyber Weapons Of Choice

Facebook, LinkedIn, and Twitter can't secure their own environments, let alone yours. It's time to sharpen your security acumen.

Cyber criminals run rampant across every social network today. We often see headlines about social marketing fails and celebrity account hacks, but they’re just the tip of the iceberg. Far more nefarious activity takes place across these social channels, while most organizations remain oblivious and exposed. Companies’ poor social media security practices put their brands, customers, executives, and entire organizations at serious risk.

Let’s look at the numbers. According to Cisco, Facebook scams were the most common form of malware distributed in 2015; the FBI said that social media-related events had quadrupled over the past five years; and PricewaterhouseCoopers found that more than one in eight enterprises suffered a security breach due to a social media-related cyber attack.

The first thing you must come to terms with is that social networks can’t secure their own environments, let alone yours. As much as they aim to mitigate security threats and terrorist propaganda on their platforms, they aren’t close to 100% effective. For example, Facebook reported that for 2015 up to 2% of its monthly average users—31 million accounts—are false, Twitter estimates 5%, and LinkedIn openly admitted, “We don’t have a reliable system for identifying and counting duplicate or fraudulent accounts.”

Despite this, social networks remain some of the most trusted channels online. Data shows that consumers implicitly trust people’s activity on social media more so than on any other communications channel. This is why social media sites are now a treasure trove for cyber criminals: The attackers now have incredibly broad reach and can easily manipulate users and execute a variety of widespread cyber attacks and scams, including everything from social engineering to exploit distribution to counterfeit sales to brand impersonations, account takeovers, customer fraud, and much more.

The point is that cyber criminals now weaponize social media sites and their data, leading to some of the biggest data breaches over the last few years. For example, LinkedIn was a key tool for reconnaissance (the scraping of public social data and social engineering tactics) for the cyber criminals who executed Anthem Health’s 2015 breach and its 80 million stolen records, while Twitter was an integral component of an innovative malware exploit dubbed “Hammertoss.” This technique has even been rumored to be connected to the Pentagon’s data breach last summer that took down the security agency’s 4,200-employee email server for two weeks while undetermined amounts of data were stolen.

Sinister Threats
While social media sites may not create completely new cyber threats, they do substantially amplify the risk of existing ones. From reconnaissance to brand hijacking and threat coordination, cyber criminals have been using social media to boost the effectiveness of their attacks for years. It’s clear that social media risk isn’t solely about brand and reputation damage but is a sinister cybersecurity threat that can lead to major data breaches, numerous compliance issues, and large amounts of lost revenue due to fraud and counterfeit sales, along with a slew of other risks.

So what does this all mean for your brand? Both security professionals and marketers alike should start treating social channels like the dangerous security threat they truly are, and align strategies to effectively fend against the range of cyber techniques currently in use. A first step in the right direction is to develop a framework and assess your social risk plan. Identify your most valuable social assets and customer touch points, and develop technical capabilities to continuously monitor them for signs of compromise and behavioral abnormalities.

But don’t stop there. To truly build an effective social media security plan, you need to understand your external risk environment and scour social channels for cyber threats outside of your direct control—be they doxing attempts, brand impersonations, or physical security threats to your employees or top executives. This should be done while also seeking feedback company-wide and coordinating with a range of stakeholders across legal, compliance, operations, and finance to ensure that all bases are covered.

Remember, social media is still in its infancy. Bolster your social media security acumen today so you’re better prepared for new social media exploits and innovative techniques that cyber criminals are sure to develop in the months and years to come.

Related Content:

 

 

Nick Hayes is an analyst at Forrester. His research is dedicated to helping risk professionals and other business leaders understand and manage customer-facing risks in order to build more resilient brands. He has extensive knowledge of the security, privacy, archiving, and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 4   >   >>
bradprat
100%
0%
bradprat,
User Rank: Apprentice
5/29/2017 | 6:49:36 PM
Re: From here we got the news! Re:
It is no secret that no information is safe that we share on social media. Good informative article
FranckD064
50%
50%
FranckD064,
User Rank: Apprentice
4/22/2017 | 9:54:07 PM
Social hoverboard
Totally agree with your opinion
juliazz
50%
50%
juliazz,
User Rank: Apprentice
3/26/2017 | 7:04:55 AM
Social media
Totally agree with your post, social media is dangerous thing.
Dubai Desert Safari
50%
50%
Dubai Desert Safari,
User Rank: Apprentice
11/13/2016 | 4:08:00 AM
Thanks
<a href="https://www.dubaieveningsafari.com/">Thanks to share informations, from Desert Safari Dubai</a>
aghasohail
50%
50%
aghasohail,
User Rank: Strategist
11/3/2016 | 1:14:49 AM
The tip here is to keep educating your self.
Very nice information. In my opinion we should keep educating our self to get maximum level of security we can get. Thanks.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/2/2016 | 5:16:35 PM
Re: From here we got the tips!
Your information is astounding!! I will recommend it to my brother and anybody that could be attracted to this topic
amiee
50%
50%
amiee,
User Rank: Apprentice
11/1/2016 | 11:25:59 AM
From here we got the tips!
Great article for social media, and I have got the tips you shared me, but for the expirence of social media running, is it better to post ADs on social media website? Is it worth to pay for the ads for our website...
amiee
50%
50%
amiee,
User Rank: Apprentice
10/31/2016 | 8:21:50 AM
Re: The problem here is not the time
Ich habe eine lange Zeit für diese Art von Nachrichten online, Ihr Konzept insgesamt großartig für uns.
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
10/27/2016 | 9:28:47 AM
Identity theft
Social media sites have become the safe haven for cyber security blows altogether for the fact that users on such sites pay pretty much least attention towards data security measures. Therefore, it is essential to never compromise our online security. I use PureVPN to secure my account from the perils of data theft and to avoid any form of hacking attempt. 
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
10/27/2016 | 9:28:04 AM
Cyber security
Social media sites have become the safe haven for cyber security blows altogether for the fact that users on such sites pay pretty much least attention towards data security measures. Therefore, it is essential to never compromise our online security. I use PureVPN to secure my account from the perils of data theft and to avoid any form of hacking attempt. 
<<   <   Page 2 / 4   >   >>
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Jim, stop pretending you're drowning in tickets."
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13623
PUBLISHED: 2019-07-17
In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis r...
CVE-2019-13624
PUBLISHED: 2019-07-17
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
CVE-2019-13625
PUBLISHED: 2019-07-17
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
CVE-2019-3571
PUBLISHED: 2019-07-16
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.
CVE-2019-6160
PUBLISHED: 2019-07-16
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.