The number of corporate espionage attacks is increasing. From advanced persistent threat attacks siphoning off proprietary research and intellectual property to fake social media accounts used for social engineering attacks to launch malware, enterprises' valuable information and trade secrets are being compromised.
Corporate espionage tactics have evolved with the digital revolution; criminals no longer need to break into a physical building to steal a company's crown jewels. The threat landscape for businesses has expanded alongside the adoption of new social media and digital channels. Social media platforms and channels have now become business essentials, and bad actors have taken notice.
Many of these social media platforms lie outside the traditional cybersecurity perimeter, enabling bad actors to more easily access an individual's, enterprise's, or government's information without having to worry about getting caught by traditional network security protections. For example, credible reports show that WeChat has been involved in cyber espionage campaigns, with the Chinese government using the platform to collect intelligence, monitor activity, and recruit potential spies. Beijing has even developed Trojan spyware to be distributed through WeChat, and the app has been used as a backdoor to hijack user's phones.
We've also seen damaging corporate cyber espionage campaigns conducted through LinkedIn. Last December, Operation Sharpshooter was found to be targeting nuclear, defense, energy, and financial companies, with the ultimate goal to penetrate security defenses and steal intellectual property. One of the ways the bad actors behind this campaign approached their targets was by posing as job recruiters and using messaging apps for outreach. The Iranian-linked APT34 group recently conducted a similar attack through LinkedIn. Hackers phished employees at target industries with malicious documents, delivering them through LinkedIn mail. These efforts obtained industry insider information and data.
These threats are so severe that this summer the FBI warned government contractors that foreign intelligence officers may target them using social media to gather information and conduct espionage campaigns.
Why There Is More Risk for Cyber Espionage Through Social Media
People are more trusting online. The risks that email poses to businesses are well established. Companies regularly educate their employees about phishing emails, have monitoring systems in place, and penetration test their employees. However, user behavior is different online; individuals tend to trust more and overshare when they're using social media. Without proper awareness and security measures in place, it's easier to leverage social engineering to target victims with personal attacks.
Expanded attack surface creates gaps in cyber defense. Social media platforms lie outside the traditional cybersecurity perimeter. This is problematic because security and compliance teams have limited visibility into the social channels that employees are using. Even if they block channels such as Facebook through a firewall, employees can get around that by logging in on their phones.
Attacks are difficult to detect. Many enterprises lack visibility into the accounts and pages that extend their attack surface. If an employee's personal LinkedIn account is compromised because that person clicks on a malicious link while on the mobile app, he or she can compromise the entire company's network and the security team will have no idea. The bad actor that injected the malicious code could gain access to the company network and siphon off trade secrets without detection.
Steps to Combat Corporate Espionage and Mitigate Risks
Gain visibility into known and unknown social media assets. You can't protect what you can't see. The first step is to gain full visibility into your organization's assets. Identify every brand account, including both accounts and pages for the company, individual departments, executives, and personnel. A clear inventory of social pages and accounts will clarify your company's potential attack surface.
Establish control over brand assets. After you've brought your social media assets under your protection, establish control. A robust cybersecurity strategy starts with the principle of least privilege, by which users only have access to the systems and data that are necessary for their jobs. The same principle should apply to social media.
Respond to threats in real time. Conflict can escalate in seconds on social media. Whether an attacker attempts to take over a Twitter account, a botnet is summoned to downvote videos on YouTube, or a bad actor steals an employee's credentials to gain access to other channels, you need a security protocol to stop the attack before it happens. Real-time detection of malicious content or account takeover attacks is the first step. Ensure you can lock down accounts, quarantine malicious content, or revert account profiles when a compromise happens.
Protect assets with a proactive defense. Your enterprise should proactively monitor cyber threats or risks to your brand from bad actors and imposter accounts. This includes scanning the Dark Web and searching in overlooked areas such as app stores and e-commerce sites.
Businesses must extend their perimeter to include social media, which remains invisible to most security teams. To make it happen, you'll need a way to monitor every bit of information that leaves your business through both private and public channels. Your goal is to reduce risk and mitigate attacks before they start.
Often the biggest challenge is coping with the scale of risks. Social media is vast. It's impossible for administrators to monitor every post, share, like, and response manually. It's imperative you know immediately when something's amiss and can take action quickly with automation. Finding out your credentials were compromised yesterday is too late.
Proactive defense and automation can help your teams cope with scale and prioritize the risks that matter to stop cyber espionage.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How HR and IT Can Partner to Improve Cybersecurity."