Leading information security threat forecasts for 2011 indicate a rise in social media threats and attacks. Symantec’s Enterprise Security Survey 2010 – Millennial Mobile Workforce and Data Loss revealed that 82% of Indian employees use Facebook, 62% blogs, 46% microblogs, 69% Google Talk, and 61% Yahoo Messenger. The convergence of employees’ personal and professional lives on social media platforms, and the high degree of trust in these environments, is also becoming a major concern for enterprises.
In the first of a two-part series on social media-related security threats and preventive measures, let's discuss some of the key social media threats and methods of attack.
- Social engineering: Today, ‘social engineering’ is one of the most prevalent social media threats and also the most popular tactic for cyber criminals. Social media platforms allow attackers to find personal information that can be used to target specific individuals. Using information from employee profiles, a plausible fake account can be created to establish trust over time. Once the trust is built, the attacker might start asking for specific information, like internal server names or project names, or even get the new friend to open an infected document or visit a prepared website that will drop a backdoor onto their computer.
- Targeted phishing attacks: Such attacks are carried out to steal money or confidential information, as was the case with the Hydraq attacks in early 2010 that compromised critical information of several multinational companies. This social media threat is an example of social engineering tactics, whereby attackers exploit fear and anxiety, instead of a system vulnerability, to get users to part with their money. Since these attacks are so specific and targeted, the chances of success are higher.
- Fake accounts: In July 2010, a fake profile named Robin Sage was actively pushed to request connections to random people, which most people accepted without knowing who the fictitious woman was. The seriousness of such social media threats is underscored when one considers that the fake account in this case was successful in connecting with hundreds of people from various organizations, including military, government, and security firms.
- Celebrity name misuse: This is one of the popular social media threats of today. There have been several incidents of hackers registering a new account under the name of a celebrity. Such a fake account can be used to spread misinformation and rumors or to attract new followers that can later be spammed. The gravity of these threats lies in the fact that hackers can use social media to extract users’ personal information and misuse it. There is generally no real authentication process that links a virtual profile to a real-life identity. Hence, authenticating identity is important to protect against these social media threats.
- Site compromise: In this social media threat, if an attacker compromises a social networking site with malicious code, any visitor to the site would be susceptible to attack. Hackers have also found ways to insert malicious code into advertisements and create rogue third-party applications, which lure users and ultimately compromise their computers or gather their personal information.
- Social media used for spreading spam and malware: Social networking sites like Twitter and Facebook are often used to spread malware. The growing popularity of shortened URLs is also giving rise to several social media threats. Cyber criminals often mask their links with a short URL, making it difficult for the user to identify whether it is pointing to a legitimate or malicious site. This threat is a real possibility for social bookmarking and microblogging sites, which are used to spread links and news in a very short span of time.
- Confidential information leak: The scariest of social media threats is where employees start revealing seemingly uncritical technical information to the public. This could be a Twitter comment stating that the user is fed up configuring a particular firewall product at work or a status message indicating that the user finally found a way around a Web proxy product being used, and is now able to post to his profile again. An attacker could use this information to identify the security software of the user or the company.
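The shortened-URL point above can be checked mechanically before a link reaches a user. The following is an added example, not part of the original article: it finds shortened links in a post, follows the redirect chain, and holds anything that does not end on an approved host. The shortener list, the `resolve` callback (in production, an HTTP HEAD request that returns the `Location` header without following it) and all sample data are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed list of link-shortening hosts; extend it from your own proxy logs.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
MAX_HOPS = 5  # give up on redirect chains longer than this

def host_of(url):
    """Lower-cased host without port or a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def expand(url, resolve):
    """Follow redirects; resolve(url) gives the next URL or None. Returns (chain, status)."""
    chain = [url]
    while True:
        nxt = resolve(chain[-1])
        if nxt is None:
            return chain, "ok"
        if nxt in chain:
            return chain, "loop"
        if len(chain) > MAX_HOPS:
            return chain, "too_many_hops"
        chain.append(nxt)

def review_post(text, resolve, allowed_hosts):
    """Report each shortened link in a post and the host it finally lands on."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:!?")  # drop sentence punctuation glued to the link
        if host_of(url) not in SHORTENERS:
            continue
        chain, status = expand(url, resolve)
        final = host_of(chain[-1])
        ok = status == "ok" and final in allowed_hosts
        findings.append({"link": url, "final_host": final,
                         "hops": len(chain) - 1,
                         "verdict": "allow" if ok else "hold"})
    return findings

# Constructed redirect table standing in for HTTP Location headers (offline demo).
SAMPLE_REDIRECTS = {
    "http://bit.ly/abc123": "http://t.co/xyz",
    "http://t.co/xyz": "http://login-update.example.net/verify",
    "https://tinyurl.com/news1": "https://www.example.com/press/2011",
}
SAMPLE_POST = ("Reset your password now http://bit.ly/abc123, "
               "details at https://tinyurl.com/news1.")
print(review_post(SAMPLE_POST, SAMPLE_REDIRECTS.get, {"example.com"}))
```

The first sample link passes through two shorteners before reaching an unapproved host and is held; the second resolves directly to an approved host and is allowed.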
In the next part, read how to address social media threats with security policies and safety best practices.
About the author: Shantanu Ghosh is vice president for India product operations at Symantec Corporation. He has been instrumental in building a significant R&D footprint for Symantec enterprise security products in Pune.
(As told to Dhwani Pandya)