Hackers find social media easy prey

Monday, 9 October 2017 00:00

At the Daily FT-CICRA Summit, Gabe Goldhirsh, Executive Vice President Global Services at US-based social media security specialist ZeroFox, shared key insights into the growing cyber security risks on the world’s fastest growing platform.

US-based ZeroFox Executive Vice President Global Services Gabe Goldhirsh

Listing three truths about social media, he said that social is everywhere, that social hacking is easy, and that most information security isn’t tooled. Explaining why social is everywhere, he said 1 in 3 people are on social globally; 27% of all internet time is spent on social; there is more communication on social media than on email; and 83% of global organisations use social as a ‘key business platform’.

To drive home the point that social hacking is easy, he said this is because social media is an end-to-end profiling and engagement platform; it is easy to use; a profile can be created in minutes; it is easy to establish ‘trusted relationships’; and there are no barriers to entry. Additionally, given its global scale, it is easy to find a target internationally or to use it at that scale.

Justifying his assertion that most information security isn’t tooled, the ZeroFox official said threats on social media don’t touch the SOC/perimeter and InfoSec has no control over external threats despite their internal impact. Furthermore, remediation can be cumbersome and is not immediate or guaranteed, and despite social overtaking email, it isn’t allocated sufficient priority within the security stack.

Citing some global assessments, Goldhirsh said that according to Cisco, “Social media is the most commonly used method to breach the network and distribute malware.” According to Kaspersky, the yearly cost of social media phishing is $1.2 billion, whilst Intel McAfee has said employees experience more cybercrime on social media than any other business communication platform, including email and filesharing. According to Gartner, “Due to the amplification effects of social media, [reputational risk] operational losses can greatly exceed the value of the physical loss from a risk event,” whilst Forrester has said, “When it comes to the myriad of risks companies face across digital channels, security and risk pros track a much smaller portion of their environment than they realise. Without comprehensively and persistently monitoring digital channels, companies remain susceptible to a wide variety of brand, cyber, and physical risks.”

He also referred to a New York Times article which stated that hackers hide cyber attacks in social media posts.

The ZeroFox official shared 10 tactics for social media hacks with the Daily FT-CICRA Cyber Security Summit participants:

Tactic #1: Impersonations. Instances of fraudulent accounts increased 110% in the past 24 months. 38% of brand impersonations drive users to phishing pages as per ZeroFox data.

Tactic #2: Account Hijacking: The New York Post says 1.8 Facebook accounts are hacked every second; 600,000 every day. A Harris Poll revealed 2 in 3 social media users have had their accounts hijacked.

Tactic #3: Malware Via Social Phishing: Kaspersky says there are 7.57 million victims of social phishing annually, and according to Cisco, Facebook is the most common delivery mechanism for malware; the number one way to breach the network. According to RSA, the global cost of social media phishing is $1.2 billion.

Tactic #4: Customer Compromise: The FBI maintains that there is $10+ million in direct revenue loss annually and that social media complaints are on the rise, up to 92/day (32K/year). In the past the adage was “Buyer Beware” but today it is “Be Aware of Buyer.”

Tactic #5: Piracy & Counterfeits: As per the US Consumer Fraud Center, 2% of all goods sold online are counterfeit, and the Association for Corporate Growth estimates US businesses lose $200B in revenue/year, whilst the Recording Industry Association of America states 7% of all internet traffic is directly related to online piracy. According to the Institute for Policy Innovation, online piracy costs $58 billion/year globally.

Tactic #6: Fraud & Scams: As per the US Coupon Information Center, there are 400,770 fake coupons/year, whilst according to Cybersource, retailers lost $3.5 billion last year to online fraud. ZeroFOX data shows scams are posted 3x faster than they are taken down, and money flipping scams on Instagram alone cost banks roughly $420 million every year.

Tactic #7: Information Leakage: According to InfoWatch, over 1,500 data leaks occur every year and 72.8% are from insiders, and Ernst & Young states the average cost per record lost is $214 and that of a data breach is >$7M.

Tactic #8: Compliance Risk: SecurityWeek has said organisations commit an average of 69 unmoderated compliance violations on social media every year.

Tactic #9: Physical Security: Insurer AIG has said 40,000 kidnap-and-ransom cases involving business travellers are reported annually, whilst the US State Dept says 70% of overseas kidnappings of US citizens go unreported.

Tactic #10: Employee Compromise: Intel McAfee states employees experience more cybercrime on social media than any other business platform, including email and file sharing, and according to Wombat Security Technologies, employees struggle with “using social media safely” more than any other online activity. Barracuda Networks states 92% of employees have experienced cyber attacks on social, whilst antivirus software maker Norton Security states 36% of employees accept unsolicited friend requests; only 11% open unsolicited emails.
