Why social media is an enterprise security threat

A look at how cybercriminals exploit social media in their attempts to compromise enterprises.

In the last 15 years, social media has exploded in popularity to the point that there are now an estimated 2.77 billion social media users worldwide. However, while social media allows us to connect with one another like never before, it also presents cybercriminals with ample opportunities to compromise business networks.

How threat actors exploit social media

A recent report, 'Social Platforms and the Cybercrime Economy', sponsored by Bromium and undertaken by Dr Mike McGuire, Senior Lecturer of Criminology at the University of Surrey, details how cybercriminals have effectively turned social media into a $3.25 billion 'business' opportunity. It highlights the different methods cybercriminals have used to exploit social media and its users, with malware and spear phishing identified as key avenues of attack.

In particular, malware on social media is now seen as a substantial security threat. Currently, one in five organisations have been infected by malware distributed through social media, causing significant disruption to enterprise IT systems and slowing down business productivity. The recent increase in malware incidents (crypto-mining-specific malware incidents doubled between 2017 and 2018) can largely be attributed to the numerous ways social media can be exploited and used to spread it. From comments sections on popular articles to links embedded in images, social media sites offer numerous attack vectors, and compared with ecommerce, digital media, or corporate websites they are seen as gold mines by threat actors.

Malware is not the only way cybercriminals can use social media to compromise business systems - they also abuse the information that users display on their social media profiles. Personal information, or information relating to the business an individual works for, can be used by cybercriminals to create intimate spear phishing campaigns designed to infiltrate enterprise networks. LinkedIn, as a social media site for professionals, is especially noteworthy in this regard. When hiring for technical roles, specifically IT or system admin positions, LinkedIn job posts often provide intimate data about how a business operates, from what scripting languages are used, to the types of databases or storage systems installed. For cybercriminals this information can be priceless.

Spoof social media accounts are an alternative avenue threat actors venture down to create problems for enterprises. Cybercriminals posing as a company's customer service arm often attempt to deceive existing customers into handing over valuable usernames and passwords, or encourage them to visit specific, malware-filled domains. In these instances, companies can face severe PR backlash, losing the trust of their customers and damaging their brand's reputation. And, with many cybercriminals seeing relatively good success from this approach, there are now nearly three times as many fraudulent accounts masquerading as legitimate businesses on social media as actual business profiles.

Besides using social media to attack a company directly, aggressors also use it to find backdoor routes into a company. By researching a company's social media profile, resourceful cybercriminals can identify their primary target's suppliers or partners and infiltrate them instead, in the hope that any disruption caused there will have a knock-on effect on the original target. Or, in cases where the two companies' networks are linked, threat actors may compromise the smaller, less secure organisation and piggyback their way to the larger target.
