11/6/2019
02:00 PM
Otavio Freire
Commentary

Social Media: Corporate Cyber Espionage's Channel of Choice

Proactive defense and automation can help your company deal with scale and prioritize risks in order to more efficiently fight cyber espionage.

The number of corporate espionage attacks is increasing. From advanced persistent threat attacks siphoning off proprietary research and intellectual property to fake social media accounts used for social engineering attacks to launch malware, enterprises' valuable information and trade secrets are being compromised.

Corporate espionage tactics have evolved with the digital revolution; criminals no longer need to break into a physical building to steal a company's crown jewels. The threat landscape for businesses has expanded alongside the adoption of new social media and digital channels. Social media platforms and channels have now become business essentials, and bad actors have taken notice.

Many of these social media platforms lie outside the traditional cybersecurity perimeter, enabling bad actors to more easily access an individual's, enterprise's, or government's information without having to worry about getting caught by traditional network security protections. For example, credible reports show that WeChat has been involved in cyber espionage campaigns, with the Chinese government using the platform to collect intelligence, monitor activity, and recruit potential spies. Beijing has even developed Trojan spyware to be distributed through WeChat, and the app has been used as a backdoor to hijack users' phones.

We've also seen damaging corporate cyber espionage campaigns conducted through LinkedIn. Last December, Operation Sharpshooter was found to be targeting nuclear, defense, energy, and financial companies, with the ultimate goal to penetrate security defenses and steal intellectual property. One of the ways the bad actors behind this campaign approached their targets was by posing as job recruiters and using messaging apps for outreach. The Iranian-linked APT34 group recently conducted a similar attack through LinkedIn. Hackers phished employees at target industries with malicious documents, delivering them through LinkedIn mail. These efforts obtained industry insider information and data. 

These threats are so severe that this summer the FBI warned government contractors that foreign intelligence officers may target them using social media to gather information and conduct espionage campaigns.

Why There Is More Risk for Cyber Espionage Through Social Media

People are more trusting online. The risks that email poses to businesses are well established. Companies regularly educate their employees about phishing emails, have monitoring systems in place, and penetration test their employees. However, user behavior is different online; individuals tend to trust more and overshare when they're using social media. Without proper awareness and security measures in place, it's easier to leverage social engineering to target victims with personal attacks. 

Expanded attack surface creates gaps in cyber defense. Social media platforms lie outside the traditional cybersecurity perimeter. This is problematic because security and compliance teams have limited visibility into the social channels that employees are using. Even if they block channels such as Facebook through a firewall, employees can get around that by logging in on their phones.

Attacks are difficult to detect. Many enterprises lack visibility into the accounts and pages that extend their attack surface. If an employee's personal LinkedIn account is compromised because that person clicks on a malicious link while on the mobile app, he or she can compromise the entire company's network and the security team will have no idea. The bad actor that injected the malicious code could gain access to the company network and siphon off trade secrets without detection.

Steps to Combat Corporate Espionage and Mitigate Risks

Gain visibility into known and unknown social media assets. You can't protect what you can't see. The first step is to gain full visibility into your organization's assets. Identify every brand account, including both accounts and pages for the company, individual departments, executives, and personnel. A clear inventory of social pages and accounts will clarify your company's potential attack surface.

Establish control over brand assets. After you've brought your social media assets under your protection, establish control. A robust cybersecurity strategy starts with the principle of least privilege, by which users only have access to the systems and data that are necessary for their jobs. The same principle should apply to social media.

Respond to threats in real time. Conflict can escalate in seconds on social media. Whether an attacker attempts to take over a Twitter account, a botnet is summoned to downvote videos on YouTube, or a bad actor steals an employee's credentials to gain access to other channels, you need a security protocol to stop the attack before it happens. Real-time detection of malicious content or account takeover attacks is the first step. Ensure you can lock down accounts, quarantine malicious content, or revert account profiles when a compromise happens.

Protect assets with a proactive defense. Your enterprise should proactively monitor cyber threats or risks to your brand from bad actors and imposter accounts. This includes scanning the Dark Web and searching in overlooked areas such as app stores and e-commerce sites.

Businesses must extend their perimeter to include social media, which remains invisible to most security teams. To make it happen, you'll need a way to monitor every bit of information that leaves your business through both private and public channels. Your goal is to reduce risk and mitigate attacks before they start.

Often the biggest challenge is coping with the scale of risks. Social media is vast. It's impossible for administrators to monitor every post, share, like, and response manually. It's imperative you know immediately when something's amiss and can take action quickly with automation. Finding out your credentials were compromised yesterday is too late.

Proactive defense and automation can help your teams cope with scale and prioritize the risks that matter to stop cyber espionage.


As the President, CTO, and Co-Founder of SafeGuard Cyber, Mr. Freire is responsible for the development and continuous innovation of SafeGuard Cyber's enterprise platform, which enables global enterprise customers to extend cyber protection to social media and digital ...