Account hijacking, unauthorised accounts and content-based threats, such as malicious links and phishing lures, are the main types of social media threats, analysts revealed.
Proofpoint's Nexgate division vice-president and general manager, Devin Redmond, said Fortune 100 companies are increasingly losing money, having their audiences attacked and experiencing damage to their brand on their own social media channels.
“Company-affiliated social pages, profiles and accounts are the next big attack surfaces for fraud, phishing, hacking and data theft,” he said.
According to Redmond, threats to corporate social media accounts and programmes have not received the appropriate level of attention.
“Much of that is due to the lack of understanding regarding the scope and types of security threats,” he said.
More on social media
- MPs call for clearer social media terms and conditions
- Government releases social media guidance for civil servants
- Bash bug creates wave of shell security concerns on social media
- Palo Alto exposes rising social media security risks
- Social media targeted at healthcare one way to engage patients
- Hacktivists hijack Skype social media accounts
- Best practices for employer monitoring of social media
The State of Social Media Infrastructure 2014, Part 2: Security Threats to the Social Infrastructure of the Fortune 100 report examines the taxonomy and types of social media security threats and their scope.
The report is based on in-depth threat analysis on the social media presence of all Fortune 100 firms for the 12-month period from July 2013 to June 2014.
Social media threats costly
Social media threats can be as damaging and costly to a brand as other corporate network compromises, digital fraud, malicious email scams and phishing attacks, the report said.
The report’s authors believe it is imperative social media professionals and IT security teams understand these threat types and incorporate security in their social media strategies.
According to the report, an average of two out of five Facebook accounts claiming to represent a Fortune 100 brand are unauthorised. This is true of one in five Twitter accounts.
Analysts revealed, on aggregate, Fortune 100 brands experience at least one compromise every day on their social media accounts.
Attacks on the rise
Social media spam grew sevenfold since mid-2013 when the previous State of Social Media Spam report was released.
Analysts said 99% of malicious URLs lead to websites with malware or phishing attacks and 2.29 accounts per firm exhibited hijack indicators, such as malware links posted by brand managers.
Social media account hijacks have become so common Nexgate is now able to identify historical patterns that can be used to determine whether or not a hijack has occurred.
The report said the primary purpose of social media threats are to steal customer data, damage the brand, manipulate markets and perpetrate various internet scams.
Overall, the report revealed Fortune 100 companies are a prime example of the tug-of-war between the widespread adoption of new social communications and the widely unresolved security threats to social media infrastructure.