Dark Reading is part of the Informa Tech Division of Informa PLC


11/6/2019
02:00 PM
Otavio Freire
Commentary

Social Media: Corporate Cyber Espionage's Channel of Choice

Proactive defense and automation can help your company deal with scale and prioritize risks in order to more efficiently fight cyber espionage.

The number of corporate espionage attacks is increasing. From advanced persistent threat attacks siphoning off proprietary research and intellectual property to fake social media accounts used for social engineering attacks to launch malware, enterprises' valuable information and trade secrets are being compromised.

Corporate espionage tactics have evolved with the digital revolution; criminals no longer need to break into a physical building to steal a company's crown jewels. The threat landscape for businesses has expanded alongside the adoption of new social media and digital channels. Social media platforms and channels have now become business essentials, and bad actors have taken notice.

Many of these social media platforms lie outside the traditional cybersecurity perimeter, enabling bad actors to more easily access an individual's, enterprise's, or government's information without having to worry about getting caught by traditional network security protections. For example, credible reports show that WeChat has been involved in cyber espionage campaigns, with the Chinese government using the platform to collect intelligence, monitor activity, and recruit potential spies. Beijing has even developed Trojan spyware to be distributed through WeChat, and the app has been used as a backdoor to hijack users' phones.

We've also seen damaging corporate cyber espionage campaigns conducted through LinkedIn. Last December, Operation Sharpshooter was found to be targeting nuclear, defense, energy, and financial companies, with the ultimate goal of penetrating security defenses and stealing intellectual property. One of the ways the bad actors behind this campaign approached their targets was by posing as job recruiters and using messaging apps for outreach. The Iranian-linked APT34 group recently conducted a similar attack through LinkedIn. Hackers phished employees at target industries with malicious documents, delivering them through LinkedIn mail. These efforts obtained industry insider information and data.

These threats are so severe that this summer the FBI warned government contractors that foreign intelligence officers may target them using social media to gather information and conduct espionage campaigns.

Why There Is More Risk for Cyber Espionage Through Social Media

People are more trusting online. The risks that email poses to businesses are well established. Companies regularly educate their employees about phishing emails, have monitoring systems in place, and penetration test their employees. However, user behavior is different online; individuals tend to trust more and overshare when they're using social media. Without proper awareness and security measures in place, it's easier to leverage social engineering to target victims with personal attacks. 

Expanded attack surface creates gaps in cyber defense. Social media platforms lie outside the traditional cybersecurity perimeter. This is problematic because security and compliance teams have limited visibility into the social channels that employees are using. Even if they block channels such as Facebook through a firewall, employees can get around that by logging in on their phones.

Attacks are difficult to detect. Many enterprises lack visibility into the accounts and pages that extend their attack surface. If an employee's personal LinkedIn account is compromised because that person clicks on a malicious link while on the mobile app, he or she can compromise the entire company's network and the security team will have no idea. The bad actor that injected the malicious code could gain access to the company network and siphon off trade secrets without detection.

Steps to Combat Corporate Espionage and Mitigate Risks

Gain visibility into known and unknown social media assets. You can't protect what you can't see. The first step is to gain full visibility into your organization's assets. Identify every brand account, including both accounts and pages for the company, individual departments, executives, and personnel. A clear inventory of social pages and accounts will clarify your company's potential attack surface.

Establish control over brand assets. After you've brought your social media assets under your protection, establish control. A robust cybersecurity strategy starts with the principle of least privilege, by which users only have access to the systems and data that are necessary for their jobs. The same principle should apply to social media.

Respond to threats in real time. Conflict can escalate in seconds on social media. Whether an attacker attempts to take over a Twitter account, a botnet is summoned to downvote videos on YouTube, or a bad actor steals an employee's credentials to gain access to other channels, you need a security protocol to stop the attack before it happens. Real-time detection of malicious content or account takeover attacks is the first step. Ensure you can lock down accounts, quarantine malicious content, or revert account profiles when a compromise happens.

Protect assets with a proactive defense. Your enterprise should proactively monitor cyber threats or risks to your brand from bad actors and imposter accounts. This includes scanning the Dark Web and searching in overlooked areas such as app stores and e-commerce sites.
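The inventory, least-privilege, and profile-revert steps above can be automated as a comparison between an approved inventory and a periodic snapshot of what actually exists. The following is an added example, not code from the article or from any vendor's product; the `Account` record, its field names, and all sample accounts are assumptions constructed for illustration, and a real deployment would fill the snapshot from each platform's own admin tooling.

```python
# Added illustration: all accounts, admins and URLs below are constructed sample data.
from dataclasses import dataclass

PROFILE_FIELDS = ("display_name", "bio", "url")
SEVERITY = {"profile_changed": 3, "excess_admin": 2, "unknown_asset": 2, "missing_asset": 1}

@dataclass(frozen=True)
class Account:
    platform: str
    handle: str
    admins: frozenset   # people allowed to post or change settings
    profile: tuple      # values in PROFILE_FIELDS order

def audit(baseline, observed):
    """Compare an observed snapshot with the approved inventory, worst findings first."""
    approved = {(a.platform, a.handle): a for a in baseline}
    seen = {(a.platform, a.handle): a for a in observed}
    findings = []
    for key, cur in seen.items():
        ref = approved.get(key)
        if ref is None:                      # asset nobody inventoried
            findings.append(("unknown_asset", key, ()))
            continue
        extra = tuple(sorted(cur.admins - ref.admins))
        if extra:                            # access beyond the approved set
            findings.append(("excess_admin", key, extra))
        changed = tuple(f for f, old, new in zip(PROFILE_FIELDS, ref.profile, cur.profile)
                        if old != new)
        if changed:                          # candidate for lock-down and revert
            findings.append(("profile_changed", key, changed))
    for key in approved.keys() - seen.keys():  # inventoried asset no longer visible
        findings.append(("missing_asset", key, ()))
    return sorted(findings, key=lambda f: (-SEVERITY[f[0]], f[1]))

OFFICIAL = ("Example Corp", "Official account", "https://example.com")
BASELINE = [
    Account("twitter", "@examplecorp", frozenset({"alice", "bob"}), OFFICIAL),
    Account("linkedin", "example-corp", frozenset({"alice"}), OFFICIAL),
    Account("youtube", "ExampleCorpTV", frozenset({"carol"}), OFFICIAL),
]
OBSERVED = [
    Account("twitter", "@examplecorp", frozenset({"alice", "bob"}),
            ("Example Corp", "Official account", "https://example.net/login")),
    Account("linkedin", "example-corp", frozenset({"alice", "mallory"}), OFFICIAL),
    Account("facebook", "examplecorp-support", frozenset({"dave"}), OFFICIAL),
]

if __name__ == "__main__":
    for kind, (platform, handle), detail in audit(BASELINE, OBSERVED):
        print(f"{kind:16} {platform}/{handle} {', '.join(detail)}")
```

Run on a schedule, the sorted findings give responders a short queue: a changed profile link on an official account first, then unapproved admins and uninventoried pages.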

Businesses must extend their perimeter to include social media, which remains invisible to most security teams. To make it happen, you'll need a way to monitor every bit of information that leaves your business through both private and public channels. Your goal is to reduce risk and mitigate attacks before they start.

Often the biggest challenge is coping with the scale of risks. Social media is vast. It's impossible for administrators to monitor every post, share, like, and response manually. It's imperative you know immediately when something's amiss and can take action quickly with automation. Finding out your credentials were compromised yesterday is too late.

Proactive defense and automation can help your teams cope with scale and prioritize the risks that matter to stop cyber espionage.


As the President, CTO, and Co-Founder of SafeGuard Cyber, Mr. Freire is responsible for the development and continuous innovation of SafeGuard Cyber's enterprise platform, which enables global enterprise customers to extend cyber protection to social media and digital ...