Social media is often seen as a greater threat to business productivity than cyber security.
But that assumption may need to change.
Social networks like Facebook, Twitter, and LinkedIn continue to grow, and thousands of cyber attacks are launched against their users every day.
The number of fake accounts on social networks exploded in 2017, growing 300% from Q1 to Q2 alone, according to a quarterly report from Proofpoint.
Last year, social media phishing attacks surged 500% year-over-year.
The threats also seem to grow in sophistication every day.
In March 2017, a Twitter phishing attack targeted 10,000 employees at the U.S. Department of Defense with “expertly tailored messages,” according to Time magazine.
One of the breached employees was targeted through his wife’s Twitter account, not his own, according to the New York Times.
“She was the one to click on a link to a vacation package, after exchanging messages with friends over what they should do with their children over the summer.”
The number of fake social media accounts spiked this year, and attackers are finding many uses for them:
Attackers can also perform these tasks with hijacked accounts – those they’ve taken over by infecting the victim with malware or otherwise stealing their credentials.
Users share astonishing amounts of information on social networks. Depending on the style of network, merely friending or following someone can reveal deeply personal details:
A rich profile emerges, ready for the attacker to use when crafting malicious messages designed to entice the person to click or share.
Phishing and malware threats on social networks can be very similar because they often rely on external links.
Phishing links typically point the victim to a malicious website. The site either impersonates a brand to trick the user into entering login information, or it attempts to infect the user with malware – or both.
Malware links also typically point to a malicious website. However, these threats can alternatively encourage users to download the payload via direct message.
How the Links Spread
Exceptions aside, most of these attacks spread via links to external, malicious websites.
They do this in several ways:
Spear Phishing and Tailored Attacks
The sophistication of cyber attacks in all channels continues to advance, and social media threats are no exception.
For example, speakers at Black Hat 2016 presented a research paper outlining a system for automated spear phishing on Twitter, titled “Weaponizing Data Science for Social Engineering.”
Here’s an excerpt:
“In order to make a clickthrough more likely, dynamically seeded with topics extracted from the timeline posts of both the target and the users they retweet or follow… These techniques enable the world's first automated end-to-end spear phishing campaign generator for Twitter.”
Hackers are also improving evasion tactics. Reports emerged this month of an attack that uses link cloaking to trick Facebook’s review team into believing malicious links are safe.
Compared to email, another popular channel of attack, social networks offer many benefits to attackers:
Users are often more comfortable on social networks than when checking email.
Unlike email, most social networks are not overrun by spam and marketing messages. Most of the material seen by users is sent by friends, brands, and publishers they have chosen to follow.
This creates an atmosphere of trust and camaraderie – one in which a user is more likely to click a shared link than they would be if the link had arrived via a work email.
In an experiment, researchers at ZeroFox designed a system to automatically create and send spear phishing links to Twitter users.
“On tests consisting of 90 users, we found that our automated spear phishing framework had between 30% and 66% success rate,” according to the team’s report.
Social networks provide a wealth of information about users. Depending on a person’s privacy settings, an attacker might be able to see their contacts, location, and topics of interest.
Compare that with email. Without breaching a person’s account, an attacker can see nothing.
Sure, a hacker can gather information from other online resources. But social media sites offer one-stop shopping. Attackers can gather recon, tailor a campaign, and launch it in the same channel.
This creates a huge opportunity for spear phishing – or very targeted attacks that are tailored to the victim – which is why the attacks are growing.
As a digital platform grows in popularity, it becomes a bigger target for cybercrime. This has been true of Apple’s OS X as it gained market share.
One reason email is among the most common channels for cybercrime is how widely it is used. Nearly 90% of people in the U.S. have an email account, according to Statista.
Two-thirds of people in North America are on social networking sites – that’s 385 million people.
Social media adoption – and the number of threats on these networks – will continue to grow.