With more than 61 per cent of UK adults now accessing social media sites to communicate with their network of friends, upload photos, and post opinions, cybercriminals are adapting their behaviour to take full advantage. The recent LinkedIn security breach that released more than six million passwords into the wild highlighted this cyber trend and the need for more robust security when dealing with social media. However, it also highlights the need for more awareness and education among users of social media.
Hackers are increasingly targeting individuals through a combination of social media sites to build a profile ripe for attack. With research from MyJobGroup claiming that 55 per cent of respondents access social media sites while at work, the potential impact on a business cannot be overlooked.
First, attackers will identify which particular organisation they want to target – whether the motive is corporate espionage or financial gain. Then they will look on various social networks for individuals who are employed by that organisation, perhaps within a particular function such as finance or human resources. The attacker will look to befriend these individuals, building a network within the organisation and tricking unsuspecting users into accepting a friend request even if they don’t know the individual personally.
Once an attacker has established one connection, it becomes easier to establish others, providing a source of additional information about the target’s interests and making a spear phishing attack easier. Once the attacker has built the profile of their target, they can tailor the attack to appear like something the target is receiving from a friend about a topic they are interested in. The target will be more inclined to click on the links in such a message, which lead to a quiet attack and ultimately give the attackers access to the corporate network.
While some businesses will avert these threats by blocking employee access to social media while on corporate equipment, there is more value in having employees engage with their social networks – whether that is for recruiting, building partnerships or engaging customers. Companies therefore need to teach employees about the dangers of social media when combined with today’s social engineering attacks, as well as best practices when engaging on social media.