
3/30/2021
06:00 PM

Publicly Available Data Enables Enterprise Cyberattacks

Adversaries scour social media platforms and use other tactics to gather information that facilitates targeted enterprise attacks, research shows.

Most security leaders are acutely aware of the threat phishing scams pose to enterprise security. What garners less attention is the vast amount of publicly available information about organizations and their employees that enables these attacks.

Kaspersky researchers recently examined the different methods cybercriminals use to gather publicly available and seemingly non-threatening information about companies and dox, or attack, them with it. The security vendor found adversaries are putting considerably more effort and resources into gathering data for enterprise attacks than they would in attacks on individual users because of the potentially higher monetary payoffs.


"Public data is the first step to collecting private data," says Roman Dedenok, security researcher at Kaspersky. Contrary to perception, attackers don't always need to hack into systems in order to gain access to an organization's confidential data, he says. It's often easier for cybercriminals to hack an organization using the human factor, Dedenok says. "Cybercriminals can use public information to collect private data and also get access to the company's finances and cause damage to reputation."

Kaspersky found that publicly accessible online sources, including social media platforms such as LinkedIn and Facebook, are the primary and often richest sources of information for phishers and other cybercriminals. Such platforms often reveal the names and positions of employees and key executives such as the CEO, head of HR, and people in charge of finance and accounting.

The information publicly available on these sites — such as a top executive's 'friends' or connections — can help adversaries quickly figure out an organization's hierarchy, an executive's direct subordinates, and other information that can be extremely useful in carrying out attacks. Even seemingly inconsequential data, like an individual's post on Facebook about restaurants, gyms, or places they visit can provide useful fodder for phishing and other social engineering attacks.

Business email compromise (BEC) is one example of the kind of attacks this data can enable, according to Kaspersky. Attackers often use data about individuals and their organizations gleaned from publicly accessible forums to gain a victim's trust. A common tactic is to pose as the victim's superior, fellow employee, or third-party representative to get the victim to take some action; for example, parting with their credentials, stealing sensitive data, or initiating wire transfers to an attacker-controlled account. In February alone, Kaspersky researchers registered a total of 1,646 unique BEC attacks.

Kaspersky found credential leaks, such as those involving improperly configured Amazon cloud storage buckets, to be another big source of helpful data for criminals. In recent years, there has been a significant uptick in these types of leaks, which have resulted in heightened risk for the owners of leaked data repositories.

The Tracking Pixel Threat

Another method common among attackers involves the so-called 'tracking pixel', a technique that mass e-mailers use to know if an email recipient opened the message or not, Kaspersky observed. Attackers often use this utility in emails sent to targeted recipients to gather information on when emails were typically opened and the recipient's email client, IP address, and other data they can use to impersonate another individual in future attacks.

The threat to organizations from such doxing can vary, Dedenok says. "For some companies the loss of a large amount of money may be critical, for others - leak of a private secret information can be disaster," he notes.

Information gathered from publicly available sources can help attackers access data that can later be used as leverage to extort money from victims. If an organization refuses to pay, they could suffer brand damage when the compromised data later surfaces on some criminal forum, he notes.

"Usually this is either extortion of money, or brand and reputational damage," Dedenok says. "There may be exotic cases [where] cybercriminals [might] publish private data in order to lower the company's shares and make money on it."

Kaspersky recommends that organizations establish and enforce a rigid rule prohibiting employees from discussing work-related matters on publicly accessible forums. Employees also need to be made aware of the risks and aggressive tactics that cybercriminals use to gather data that might be handy in attacks against businesses.

"In order for companies to prevent employees from discussing work processes in third-party messengers/social networks, it is necessary not only to prohibit this, but to explain why it is dangerous," Dedenok said. "This is a difficult, but necessary task."

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
 
