Desk of the CEO: This is the Year of the Social Media Attack

In an age where social media has become the top business platform for almost every marketing and sales team, companies have to grapple with the dual definition of “exposure.”

To anyone on the go-to-market side of the house, the connotation is undoubtedly positive; social media has been a godsend. More follower yields more engagement, more engagement yields more conversions, more conversions yields more sales and customers.

However, “exposure” is also a challenge for security teams, who struggle to keep up with an eroding security perimeter. In this new paradigm, both corporate and employee activity typically occurs on unregulated and unprotected channels outside the security team’s visibility. This expanding role of the information security team requires a new approach to securing the organization. Just as they had to expand their mandate to secure the corporate website, so too must they turn their attention to the challenge of protecting the company’s social media presence, where an increasing proportion of company revenue and brand value is won or lost.

In recent years, hackers have started to abuse social media in droves for the same reasons as your marketing team is investing more time and money into leveraging the platforms: unprecedented scale, access to targets, ease of use, cost effectiveness and ability to distribute content to billions of users in under 140 characters. A malicious actor with nothing more than an internet connection can build a fraudulent profile and be up and running in minutes. Last year, we saw the social media hack come into its own as a sophisticated attack vector.

Social media hacking has been in the headlines again lately. It ranges from embarrassing account hijackings to nation-state cyber campaigns. Today, sophisticated adversaries and government cyber teams around the globe are using social media to conduct reconnaissance and launch advanced cyber attacks at individuals, corporations and governments alike.

Looking forward at the rest of the year, here’s a few of the worst breaches we saw recently, as well as some tips to keep yourself and your organizations prepared.

• 10k+ US government employees spearphished with malware-laced posts

1. Timeframe: Early 2017
2. Attack type: Targeted Phishing and Malware, Fraudulent Accounts
3. Summary: In early 2017, Russian operatives sent over 10,000 custom phishing messages via social media, each link laced with malware enabling the attacker to access and control the victim’s device. This attack represents a major advancement in cyber capabilities and an escalation of Russia’s cyberwar against the US. This is the most well-organized, coordinated attack at the nation-state level we’ve ever seen.

• 3rd-party app leads to high-profile account compromises

1. Timeframe: March 2017
2. Attack type: Account Takeover
3. Summary: A vulnerability in a 3rd-party app called TwitterCounter allowed Turkish-language attackers to hijack controls of hundreds of high-profile accounts. They posted aggressive messages against the Netherlands after a contentious week of deteriorating relations between the Netherlands and Turkey and pivotal elections in both countries. The posts used swastikas and called the Dutch “nazis.” The breached accounts included a number of global brands and well-followed, verified accounts, including Forbes, the official Bitcoin Blockchain account, Starbucks, the European Parliament, UNICEF, Nike and Amnesty International.

• Vevo hacked via targeted LinkedIn phishing attack, 3.12TB exfiltrated

1. Timeframe: September 2017
2. Attack type: Targeted Phishing and Malware, Fraudulent Accounts
3. Summary: Streaming service Vevo suffered a breach when one of its employees was phished via LinkedIn. Hackers were able to obtain and publicly release 3.12TB worth of the company’s sensitive internal data. The professional social network allows attackers to rapidly identify their target at a specific organization and send them a personalized message, all under the auspices of professional networking or recruitment.

In order for organizations to gain visibility and control across social media, ZeroFox recommends the following:

Secure your social media accounts like your corporate website

The most straightforward type of social media attack is hijacking the controls to a profile, be it an individual profile or a corporate one. The first step in building a social media security program is making sure the corporate accounts themselves are protected. To do this, treat social media just like you do the corporate website: closely audit who has access, mandate robust security settings and two-factor authentication, establish privacy policies and adjust network settings accordingly, use a protection platform to identify indicators of compromise or other suspicious activity and lock down the account.

Assess types of risks and threats

Beyond securing the accounts, organizations must address the diversity of other risks that exist outside the purview of the company’s corporate accounts. This includes both business risks and security threats, such as fraudulent accounts scamming customers, phishing attacks against employee and executive’s personal accounts, leaked data, credential loss, fake coupons and customer support agents, brand reputation damage, social engineering campaigns, targeted malware distribution, piracy and more. The risks vary based on your industry, size, social media presence and nature of critical assets. A good place to start in investigating what types are risk are damaging your organization as we speak is to sit down with the marketing and customer support teams, who as the active social media practitioners in an organization, likely have already encountered threats in the wild.

Build a social media protection task force

Security should lead the initiative for protecting social media. After all, the technical expertise required to manage and respond to a widespread malware campaign against company executives on social media is something best left to the information security team. The task force should include stakeholders from any department affected by or required in the identification and management of threats. This often includes marketing, corporate security, customer success, risk & and fraud, and sometimes human resources and legal.

Adopt an automated social media protection solution

Social media protection platforms automate the process of finding and responding to threats. They use artificial intelligence to ingest and analyze social media data related to your brand, corporation and employees, identify threats and respond in real-time. These solutions are sometimes referred to as “Digital Risk Monitoring” platforms. ZeroFox offers the only comprehensive platform on the market, recently named a leader and top ranked in strategy and vision in the Forrester Wave. 

Identify and mitigate threats as they arise

Cybercrime, fraud, fake accounts, scams and more are all in stark violation of the social network’s Terms of Service (ToS). The onus to identify and flag the risk often falls to the affected organization, if for no other reason than the sheer scale of social media and the adversary’s widespread abuse of it. Once flagged, the networks will remove the offending content. Once again, a social media protection tool can help automate this process for your team.

Following these steps will put your organization on the fast track to comprehensively addressing the risks associated with social media. If you need more information, download our free e-book, Social Media Protection for Dummies, or reach out directly to one of our experts.

A version of this article was originally posed in BRINK.