Hackers are moving away from widespread malware and focusing on targeted attacks against businesses and individuals. And that means an increase in phishing scams, as well as social media-based attacks.
As more organizations use social networking for marketing and outreach, more high-profile people inside companies have profiles on those sites — which makes it easier for hackers to find them.
And in fact, one group says those targeted social media attacks are more common than is being reported.
Security firm Cyber Squared recently reported on a Twitter attack targeting three different Chinese political activists. The hackers sent tweets to those individuals containing links to compromised sites.
Similar attacks are becoming common, according to Cyber Squared, in part because the nature of social networking makes targeted social engineering attacks easier, and in part because a company’s security defenses may deflect attempted phishing emails.
Avoiding social attacks
As users spend more time at work on Facebook, Twitter and other social media sites for both personal and professional purposes, companies will be at a higher risk of attacks directed at social networking profiles.
To keep networks and data safe, companies can follow these key practices for their corporate social networking accounts:
- Limit who can find profiles. Of course, the company’s general profile is often for marketing purposes and is therefore meant to be viewed by as many people as possible. However, that may not be a good idea for high-profile individuals within the company.
- Hide contact and other information. In addition to conducting attacks via social media, hackers can also mine those sites for information they can use in other attacks. Experts recommend companies avoid making information like employee names and job titles, email addresses, internal project names, and organizational structures publicly accessible.
- Train users to recognize social engineering attacks. Just as IT trains people to be suspicious of attachments in emails that come from unknown senders, users should also be wary of links that arrive in messages on social networking sites. Even messages from contacts can be dangerous, because many attacks involve hijacking people’s accounts to send messages to their friends.
- Monitor traffic coming from social networks. That will help spot and stop abnormal and suspicious behavior.