Dark Reading is part of the Informa Tech Division of Informa PLC


3/30/2021
06:00 PM

Publicly Available Data Enables Enterprise Cyberattacks

Adversaries scour social media platforms and use other tactics to gather information that facilitates targeted enterprise attacks, research shows.

Most security leaders are acutely aware of the threat phishing scams pose to enterprise security. What garners less attention is the vast amount of publicly available information about organizations and their employees that enables these attacks.

Kaspersky researchers recently examined the different methods cybercriminals use to gather publicly available and seemingly non-threatening information about companies and dox, or attack, them with it. The security vendor found adversaries are putting considerably more effort and resources into gathering data for enterprise attacks than they would in attacks on individual users because of the potentially higher monetary payoffs.


"Public data is the first step to collecting private data," says Roman Dedenok, security researcher at Kaspersky. Contrary to perception, attackers don't always need to hack into systems in order to gain access to an organization's confidential data, he says. It's often easier for cybercriminals to hack an organization using the human factor, Dedenok says. "Cybercriminals can use public information to collect private data and also get access to the company's finances and cause damage to reputation."

Kaspersky found that publicly accessible online sources, including social media platforms such as LinkedIn and Facebook, are the primary and often richest sources of information for phishers and other cybercriminals. Such platforms often reveal the names and positions of employees and key executives such as the CEO, head of HR, and people in charge of finance and accounting.

The information publicly available on these sites — such as a top executive's 'friends' or connections — can help adversaries quickly figure out an organization's hierarchy, an executive's direct subordinates, and other information that can be extremely useful in carrying out attacks. Even seemingly inconsequential data, like an individual's post on Facebook about restaurants, gyms, or places they visit can provide useful fodder for phishing and other social engineering attacks.

Business email compromise (BEC) is one example of the kind of attacks this data can enable, according to Kaspersky. Attackers often use data about individuals and their organizations gleaned from publicly accessible forums to gain a victim's trust. A common tactic is to pose as the victim's superior, fellow employee, or third-party representative to get the victim to take some action; for example, parting with their credentials, stealing sensitive data, or initiating wire transfers to an attacker-controlled account. In February alone, Kaspersky researchers registered a total of 1,646 unique BEC attacks.

Kaspersky found credential leaks, such as those involving improperly configured Amazon cloud storage buckets, to be another big source of helpful data for criminals. In recent years, there has been a significant uptick in these types of leaks, which have resulted in heightened risk for the owners of leaked data repositories.

The Tracking Pixel Threat

Another method common among attackers involves the so-called 'tracking pixel', a technique that mass e-mailers use to know if an email recipient opened the message or not, Kaspersky observed. Attackers often use this utility in emails sent to targeted recipients to gather information on when emails were typically opened and the recipient's email client, IP address, and other data they can use to impersonate another individual in future attacks.
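
A defender-side check for the technique described above, as an added example that is not from Kaspersky or the article: it parses a message and lists remote images that are 0 or 1 pixel in size or hidden by CSS. The sample message, its hosts, and the heuristic itself are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message (not from the article); every host is a placeholder.
SAMPLE = """\
From: sender@example.com
Subject: Quarterly update
Content-Type: text/html; charset="utf-8"

<img src="https://example.com/logo.png" width="200" height="60">
<img src="https://track.example.net/o.gif?id=abc123" width="1" height="1">
<img src="cid:inline-sig" width="1" height="1">
<img src="http://track.example.net/p.png" style="display:none">
"""

class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def _dimension(attrs, name):
    """Width/height from the attribute or the inline style, as a digit string."""
    if attrs.get(name):
        return attrs[name].strip().lower().rstrip("px").strip()
    m = re.search(rf"(?<![-\w]){name}\s*:\s*(\d+)", attrs.get("style", ""), re.I)
    return m.group(1) if m else None

def find_tracking_pixels(raw_message):
    """Return src URLs of remote images that are 0/1 px in size or hidden by CSS."""
    hits = []
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() != "text/html":
            continue
        parser = ImgCollector()
        parser.feed(part.get_content())
        for img in parser.images:
            src = img.get("src", "")
            remote = urlparse(src).scheme in ("http", "https")  # cid:/data: fetch nothing
            tiny = all(_dimension(img, d) in ("0", "1") for d in ("width", "height"))
            hidden = re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", img.get("style", ""), re.I)
            if remote and (tiny or hidden):
                hits.append(src)
    return hits
```

The heuristic only catches beacons that are tiny or hidden; a normal-sized remote image with a per-recipient URL reports the same open data and is not flagged here.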

The threat to organizations from such doxing can vary, Dedenok says. "For some companies the loss of a large amount of money may be critical, for others - leak of a private secret information can be disaster," he notes.

Information gathered from publicly available sources can help attackers access data that can later be used as leverage to extort money from victims. If an organization refuses to pay, they could suffer brand damage when the compromised data later surfaces on some criminal forum, he notes.

"Usually this is either extortion of money, or brand and reputational damage," Dedenok says. "There may be exotic cases [where] cybercriminals [might] publish private data in order to lower the company's shares and make money on it."

Kaspersky recommends that organizations establish and enforce a rigid rule prohibiting employees from discussing work-related matters on publicly accessible forums. Employees also need to be made aware of the risks and aggressive tactics that cybercriminals use to gather data that might be handy in attacks against businesses.

"In order for companies to prevent employees from discussing work processes in third-party messengers/social networks, it is necessary not only to prohibit this, but to explain why it is dangerous," Dedenok said. "This is a difficult, but necessary task."

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
 
