Targeted social media attacks said to be underreported

Cybercriminals' use of Facebook, Twitter and other social media in targeting individuals with malware is an underreported problem that affects many organizations, says one security expert.

Security company Cyber Squared reported this week how three Chinese political activists in and outside of the country were sent tweets from Twitter that contained links to two compromised websites. The sites, which included a Chinese language forum and a Tibet-related WordPress blog, loaded Adobe Flash exploits.

The tweets were sent Feb. 28 under the malicious Twitter account @hahadaxiao1. Cyber Square notified the social network two days later about the account and the associated attacks.

Targeted attacks through social media tend to be undetected by companies, so the number of attacks is underreported, said Rich Barger, chief intelligence officer for Cyber Squared.

"I think this is entirely underreported and under-detected," Barger said. "I don't think folks are looking for it."

Twitter and Facebook are often used by cybercriminals to communicate with malware in an infected computer. One of the first examples was in 2009 when Symantec reported that a Facebook account was being used to send configuration data to a Whitewell Trojan. An actual command-and-control server handled all the other chores.

The use of social media to distribute malicious links to specific individuals makes sense because of the amount of personal information available to cybercriminals through social networks. Depending on how much of a person's profile is shared publicly, a criminal can sometimes learn enough to tailor a tweet or message to trick the recipient into clicking a link.

[Also see: Social engineering -- the basics]

Also, the number of employees on social media is increasing, as companies incorporate the use of Twitter and Facebook for marketing purposes. As a result, social networks are often becoming the source for targeted attacks.

"It's growing in terms of its choice for attackers, especially when you consider how social media is being adopted almost as a standard business practice," Barger said.

The latest targeted attack shows how cybercriminals are broadening their tactics in going after individuals. In March, Kaspersky Lab reported how the hacked email account of a high-profile Tibetan activist was used in sending spear-phishing emails to not just Windows and Mac OS X computers but also Android smartphones.

"It demonstrates that in a targeted attack situation, the attackers aren't limited to a single vector," Holland said. "Whatever attack vector is required to accomplish mission objectives will be utilized."

To reduce risks, companies should make employees aware of the possibility of becoming a target by way of social media, Holland said. In addition, companies need to monitor traffic coming from social networks in order to spot abnormal behavior.

Read more about social networking security in CSOonline's Social Networking Security section.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags internetFacebooktwittersocial networkingsoftwaredata protectionapplicationssymantecTargetInternet-based applications and servicesData Protection | Social Networking SecurityCyber Squared

More about Adobe SystemsFacebookKasperskyKasperskySymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Antone Gonsalves

Latest Videos

More videos

Blog Posts