Falling Through Cracks in the Social Network
Mobile has created an effective channel for attackers to mine our social data, and the variety and reach of the onslaught is breathtaking. Social engineering is a particularly cynical approach that builds ‘friendships’ and establishes trust, all the while extracting operable personal information. ISIS has employed this type of attack, sharing personal information, home addresses, family photos and more, all gathered from the social media accounts of defense forces personnel.
Targeted phishing, known as spear phishing, is an attack directed at individuals and organizations to extract money and valuable data. In these scenarios, attackers exploit users’ fears to get them to part with their money, rather than exploiting any vulnerability in a system. When directed at high-level business executives, this form of attack is evocatively termed whaling. Spear phishing is insidious and, unfortunately, highly effective.
Social media websites themselves may not be the bastions of data integrity that they would have us believe. LinkedIn bled out approximately 6.5 million user passwords in 2012. Facebook’s famous 2016 hack exposed the personal information of 50 million users. Instagram’s 2018 breach saw users locked out of their own accounts. The most consequential breach to date was in the Google+ network, which exposed the private unshared data of 52.5 million users. This attack was so serious that it effectively ended the social media platform and heralded a series of widespread reform measures.
These attacks are just the tip of the iceberg. With 44 records stolen per second, the issue is increasingly pervasive. The safeguards aimed at preventing these attacks face an uphill battle to fend off a dizzying array of threats to social media stability. Intrusion Prevention Systems (IPS) are not yet smart enough to cut dangerous connections based on content or syntax. It took only one attempt, disguised as a Twitter link to a family-friendly vacation, for hackers to infiltrate a Pentagon official’s computer. No alarms were raised by the seemingly innocuous link. Nothing in the makeup of the message alerted officials to the reality that the sender of the link was a Russian bot. The concern in the wake of this attack is that social media now represents a weak spot for national security. The threat to safety posed by social networks is exponentially greater due to the widespread perception that we are communicating only with our own close networks. Clearly, this is not always the case, and with a Statista report showing 81% of the US population with at least one social media account, it’s not at all surprising.
Bad Actors and the Abuse of Trust
Sorry Not Sorry