Social media is often seen as a greater threat to business productivity than cyber security.
But that assumption may need to change.
Social networks like Facebook, Twitter, and LinkedIn continue to grow, and thousands of cyber attacks are launched against their users every day.
Social Media Threats Are Surging
The number of fake accounts on social networks exploded in 2017, growing 300% from Q1 to Q2 alone, according to a quarterly report from Proofpoint.
Last year, social media phishing attacks surged 500% year-over-year.
The threats also seem to grow in sophistication every day.
Family Members Phished on Twitter
In March 2017, a Twitter phishing attack targeted 10,000 employees at the U.S. Department of Defense with “expertly tailored messages,” according to Time magazine.
One of the breached employees was targeted through his wife’s Twitter account, not his own, according to the New York Times.
“She was the one to click on a link to a vacation package, after exchanging messages with friends over what they should do with their children over the summer.”
Social Media Attacks: Main Types
Impersonation (Fake Accounts)
The number of fake social media accounts spiked this year, and attackers are finding many uses for them:
- Impersonation (individual) – Known as profile cloning, this threat uses fake accounts to impersonate a person known by the target, thereby making the target more likely to share information and click malicious links. This tactic is also used to spy on users’ social networks. In one example, operatives of the Russian government are said to have used this tactic to monitor the social networks of French President Emmanuel Macron.
- Impersonation (brands) – Attackers also create fake accounts that impersonate companies and brands, especially fake customer support. When a user on the network complains about an issue with the company, the attacker quickly reaches out to offer help, only to lead the victim to disaster.
- Manipulation – Fake accounts are also used to inflate clicks, likes, and shares on content. This encourages a social network to prioritize the content over other material, thereby increasing its reach.
- Bots – Hackers create software to turn accounts into robots that automatically spread malicious links. Bots can also be used as part of elaborate click-fraud scams on the networks.
Attackers can also perform these tasks with hijacked accounts – those they’ve taken over by infecting the victim with malware or otherwise stealing their credentials.
Reconnaissance and Spying
Users share astonishing amounts of information on social networks. Depending on the style of network, merely friending or following someone can reveal deeply personal details:
- Approximate work and sleep schedule
- Friends, contacts, and family members
- Interests and hobbies
- Work history
- What they ate for lunch
A rich profile emerges, ready for the attacker to use when crafting malicious messages designed to entice the person to click or share.
Malicious Links – Phishing and Malware
Phishing and malware threats on social networks can be very similar because they often rely on external links.
Phishing links typically point the victim to a malicious website. The site either impersonates a brand to trick the user into entering login information, or it attempts to infect the user with malware – or both.
Malware links also typically point to a malicious website. However, these threats can alternatively encourage users to download the payload via direct message.
How the Links Spread
Exceptions aside, most of these attacks spread via links to external, malicious websites.
They do this in several ways:
- Shared content – Once a user’s account is hijacked, attackers will often use it to spread the attack to the victim’s contacts. This lends the malicious message an air of legitimacy and makes contacts more likely to click.
- Comments – Attackers will try to inject themselves into popular conversations, often by commenting on popular threads or using popular hashtags, while always including a malicious link.
- Direct Messages – Attackers can send a malicious link or file attachment easily with a direct message to anyone who has friended or followed them on the network.
Spear Phishing and Tailored Attacks
The sophistication of cyber attacks in all channels continues to advance, and social media threats are no exception.
For example, speakers at Black Hat 2016 presented a research paper outlining a system for automated spear phishing in Twitter titled, Weaponizing Data Science for Social Engineering.
Here’s an excerpt:
“In order to make a clickthrough more likely, [messages are] dynamically seeded with topics extracted from the timeline posts of both the target and the users they retweet or follow… These techniques enable the world’s first automated end-to-end spear phishing campaign generator for Twitter.”
Hackers are also improving evasion tactics. Reports emerged this month of an attack that uses link cloaking to trick Facebook’s review team into believing malicious links are safe.
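The link-cloaking evasion mentioned above serves a harmless page to a platform’s review crawler and sends ordinary users elsewhere. The following is an added, defender-side check (not from the article or any named vendor) that resolves a link under two client identities and flags it when the final destination or content differs; the review-crawler user-agent string, the example hostnames and the fake_fetch stand-in for the network are all constructed assumptions.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

# A fetcher takes (url, user_agent) and returns (status, redirect_target_or_body).
Response = Tuple[int, str]
Fetcher = Callable[[str, str], Response]

# Two personas: a platform link-review crawler (assumed UA string) vs. a browser.
PERSONAS = {
    "reviewer": "facebookexternalhit/1.1",
    "user": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/60.0",
}

def resolve(url: str, ua: str, fetch: Fetcher, max_hops: int = 10) -> Tuple[List[str], str]:
    """Follow redirects for one persona; return the hop chain and a hash of the final body."""
    chain = [url]
    for _ in range(max_hops):
        status, payload = fetch(chain[-1], ua)
        if status in (301, 302, 303, 307, 308):
            chain.append(payload)
            continue
        return chain, hashlib.sha256(payload.encode()).hexdigest()
    raise RuntimeError("redirect chain too long: " + url)

def detect_cloaking(url: str, fetch: Fetcher) -> Dict[str, object]:
    """Flag a link whose final destination or content differs between personas."""
    rev_chain, rev_hash = resolve(url, PERSONAS["reviewer"], fetch)
    usr_chain, usr_hash = resolve(url, PERSONAS["user"], fetch)
    return {
        "cloaked": rev_chain[-1] != usr_chain[-1] or rev_hash != usr_hash,
        "reviewer_final": rev_chain[-1],
        "user_final": usr_chain[-1],
    }

# Constructed stand-in for the network (no real hosts): one honest link, one cloaked.
def fake_fetch(url: str, ua: str) -> Response:
    if url == "https://short.example/abc":
        # Cloaked: the review crawler sees a harmless page; everyone else is redirected.
        if "facebookexternalhit" in ua:
            return 200, "<html>Summer vacation deals</html>"
        return 302, "https://login-lookalike.example/"
    if url == "https://login-lookalike.example/":
        return 200, "<html>Please sign in</html>"
    if url == "https://short.example/ok":
        return 200, "<html>Article</html>"
    return 404, ""

if __name__ == "__main__":
    for link in ("https://short.example/abc", "https://short.example/ok"):
        print(detect_cloaking(link, fake_fetch))
```

In a real deployment the fetcher would wrap an HTTP client, and the persona comparison can be extended with referrer and geolocation differences, which cloaking kits also key on.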
Why Hackers Love Social Media
Compared to email, another popular channel of attack, social networks offer many benefits to attackers:
Victims are Ready to Click
Users are often more comfortable on social networks than when checking email.
Unlike email, most social networks are not overrun by spam and marketing messages. Most of the material seen by users is sent by friends, brands, and publishers they have chosen to follow.
This creates an atmosphere of trust and camaraderie – one in which a user is more likely to click a shared link than they would be if the link had arrived via a work email.
Two-Thirds Clicked the Bait
In an experiment, researchers at ZeroFox designed a system to automatically create and send spear phishing links to Twitter users.
“On tests consisting of 90 users, we found that our automated spear phishing framework had between 30% and 66% success rate,” according to the team’s report.
Personal Data Freely Available
Social networks provide a wealth of information about users. Depending on a person’s privacy settings, an attacker might be able to see their contacts, location, and topics of interest.
Compare that with email. Without breaching a person’s account, an attacker can see nothing.
Sure, a hacker can gather information from other online resources. But social media sites offer one-stop shopping. Attackers can gather recon, tailor a campaign, and launch it in the same channel.
This creates a huge opportunity for spear phishing – or very targeted attacks that are tailored to the victim – which is why the attacks are growing.
Everyone is on Facebook
As a digital platform grows in popularity, it becomes a bigger target for cybercrime. This has been true of Apple’s OS X as it gained market share.
Email is one of the most popular channels for cyber crime largely because of its reach. Nearly 90% of people in the U.S. have an email account, according to Statistica.
Two-thirds of people in North America are on social networking sites – that’s 385 million people.
Social media adoption – and the number of threats on these networks – will continue to grow.