InfoSec's Guide to Social Media [WHITEPAPER]
WHY INFOSEC NEEDS TO CARE ABOUT SOCIAL MEDIA
A SECURITY TEAM’S GUIDE TO COLLABORATIVELY REMEDIATING SOCIAL MEDIA RISKS
WHITEPAPER
HIGHLIGHTS:
• Strategies to remediate traditional information security risks launched on social media
• How to leverage social media as an OSINT threat intelligence repository
• Working with marketing to secure corporate accounts like any other high-value asset
• Using security techniques to remediate business risks such as piracy, counterfeit goods, and ad dilution due to social botnets
• Outline of security’s responsibilities in remediating each type of risk
• ZeroFOX recommendations for an operational framework around mitigating social media risks across the organization
© ZeroFOX 2015 – All Rights Reserved | ZEROFOX.COM Page 2 of 7
INTRODUCTION
The information security team’s role has changed significantly over the last few decades. Ten years ago infosec was laser-focused on securing the endpoint, getting a handle on the extended network perimeter, and minimizing the potential attack surface. Today, the information security team’s charter is much more complex. Yes, infosec is still tasked with protecting the organization from all potential information, technology, and digital risks, but the new twist is that they must do this while enabling more connectivity, mobility, and engagement across the organization. Security must now facilitate the expansion of the attack surface, something that runs counter to every fiber of security best practice.
For security teams, this means working closely with several other departments, specifically marketing, finance, risk management, and fraud. These departments all face risks on social media, and security teams are now tasked with remediating that risk while enabling secure usage of social networking channels. Most importantly, security teams must lead this initiative.
SOCIAL MEDIA SWIM LANES
In order for each department to achieve its goals, it must know where its responsibilities fall and how to work collaboratively to solve the security and business risks presented by social media.
[Diagram: SOCIAL MEDIA RISKS, drawn as swim lanes per department. Text recovered from the graphic:]
FINANCE/RISK: Budgeting, Risk Modelling
SECURITY: Phishing, Malware, Social Engineering, Training/Awareness, Testing
MARKETING: Content Creation, Engagement, Optimization, Social Media Advertising
Remaining labels from the graphic (lane placement not recoverable from the extracted text): LOSS PREVENTION, ADVERTISING, BRAND PROTECTION; Piracy, PII/Sensitive Info, Counterfeit Goods, Customer Fraud, Account Protection, Brand Impersonation, Hashtag Hijacking, Bot Followers, Fake Customer Reps, Policy Building
SOCIAL MEDIA AS A CYBER ATTACK VECTOR
The tactics used on social media are classics: spearphishing, malware distribution, and social engineering. The industry has taken notice, and much has been written about the rise of social network exploitation and the use of social networks to compromise corporate and government networks. FireEye, PCWorld, SecurityWeek, McAfee, and CSO/CIO Magazine all included social media on their lists of the biggest and most dangerous threat vector predictions.
According to Norton, 40% of people have fallen victim to social media cybercrime and nearly 4 in 10 accept unknown, unsolicited friend requests. Barracuda’s research supports this as well: 92% of social media users report receiving spam, 54% have received phishing links, 23% malware, and nearly 20% have had an account hacked. TrendMicro’s research shows that 5.8% of tweets are malicious; that’s 29,000,000 malicious tweets per day. High profile attacks such as those on the Office of Personnel Management and CENTCOM, and the HAMMERTOSS APT, have all leveraged social media as an attack vector. The list goes on and on.
Cisco’s 2015 Midyear Report claims Facebook scams are the #1 method for network security breaches, far more common than traditional email phishing. McAfee reported that employees experience cybercrime on social media more than on any other business platform, including email.
A helpful comparison can be made between email phishing and social phishing. In the late ’90s and early 2000s, the anti-phishing industry sprang up around the need to detect phishing attacks on email platforms. Social media is the next logical evolution for attackers targeting an organization’s people, who have never been so accessible online. Social media phishing already accounts for $1.2 billion of the total $5.9 billion lost to phishing each year. Users are not only spending more time on social networks than on any other online platform, they are far more willing to click potentially dangerous links while they’re at it.
SECURITY TEAM’S RESPONSIBILITIES:
• Work with marketing to gain access to social accounts
• Continuously monitor corporate social media accounts for cyber threats
• Blacklist/block malicious URLs and IPs found on social media
• Establish workflows for dealing with social media cyber crime targeting the organization
• Take down malicious posts and profiles
• Test employees on susceptibility to social media cyber attacks
• Train employees on safe usage, best practices, and what to do in the event of an attack
• Working with marketing, keep a close eye on social media initiatives and campaigns
SOCIAL MEDIA AS AN OSINT THREAT INTELLIGENCE PLATFORM
Many attackers are coordinating their efforts in broad daylight. For example, attackers coordinate DDoS attacks on Twitter, posting IP addresses, domains, attack tools, the time of the attack and the desired target. Because this all occurs in public venues, the intel is readily available to security personnel. Security teams can use that forewarning to prepare a response strategy, such as blackholing the incoming requests or coordinating with network teams, professional services, and ISPs.
Security teams can also monitor threat actor chatter to determine whether their organization is being mentioned. Any threat posted on social media, be it physical or cyber, can be alerted upon. To do this, security teams ought to establish a list of organization-specific keywords and phrases, including IP, proprietary/sensitive phrases, codebase, copyrighted content, employee PII, and unique words and phrases such as organization monikers and abbreviations. By analyzing the context around these unique phrases as they appear on social media, security teams can build a decisive early warning system against attacks.
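The keyword-plus-context early warning described above, as an added example that is not part of the whitepaper or of any ZeroFOX product: it scans posts for organization-specific terms (monikers, a netblock, a project name) and only alerts when threat vocabulary or an announced time appears alongside them. The organization terms, the threat word weights and the sample posts are all constructed for this example.

```python
import re
from dataclasses import dataclass
# Organization-specific watchlist, as the paper recommends: monikers,
# abbreviations, netblocks and sensitive project names. All values are
# constructed placeholders for this example, not real identifiers.
ORG_TERMS = ["acme corp", "acmecorp", "#acme", "project falcon"]
ORG_NETBLOCKS = [re.compile(r"\b203\.0\.113\.\d{1,3}\b")]  # TEST-NET-3 range
# Context vocabulary that turns a plain mention into a threat indicator.
# An assumed starting list; tune it against your own alert history.
THREAT_TERMS = {"ddos": 3, "dump": 2, "leak": 2, "breach": 2, "target": 1,
                "attack": 2, "pwn": 2, "credentials": 2, "doxx": 3}
ATTACK_TIME = re.compile(r"\b\d{1,2}:\d{2}\s*(?:utc|gmt|est|pst)?\b", re.I)

@dataclass
class Alert:
    post_id: str
    score: int
    org_hits: list
    threat_hits: list

def score_post(post_id, text, threshold=3):
    """Return an Alert when an org keyword co-occurs with threat context, else None."""
    lowered = text.lower()
    org_hits = [t for t in ORG_TERMS if t in lowered]
    org_hits += [m.group(0) for rx in ORG_NETBLOCKS for m in rx.finditer(text)]
    if not org_hits:
        return None  # no mention of the organization: not our alert
    threat_hits = [w for w in THREAT_TERMS if re.search(rf"\b{w}\w*", lowered)]
    score = sum(THREAT_TERMS[w] for w in threat_hits)
    if ATTACK_TIME.search(text):  # an announced time is a strong signal
        score += 2
        threat_hits.append("time")
    return Alert(post_id, score, org_hits, threat_hits) if score >= threshold else None

def scan(posts):
    """Scan {post_id: text}; return alerts sorted by score, highest first."""
    alerts = [a for pid, txt in posts.items() if (a := score_post(pid, txt))]
    return sorted(alerts, key=lambda a: a.score, reverse=True)

# Constructed sample posts (not real messages).
SAMPLE_POSTS = {
    "t1": "Great quarter for AcmeCorp, congrats to the team! #acme",
    "t2": "Tomorrow 14:00 UTC we ddos 203.0.113.7. Target: acmecorp",
    "t3": "Anyone got the Project Falcon dump? leak it plz",
    "t4": "ddos my own lab box at 192.0.2.9, nothing to do with anyone",
}
if __name__ == "__main__":
    for a in scan(SAMPLE_POSTS):
        print(f"{a.post_id}: score={a.score} org={a.org_hits} context={a.threat_hits}")
```

Post t4 carries threat vocabulary but no organization term, so it is ignored; t1 mentions the organization without threat context and is ignored too.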
SECURITY MUST SECURE ALL DIGITAL ASSETS
When it comes to the website, marketing is in charge of conception, design, content creation, maintenance, and optimization. Security is charged with surrounding the asset and ensuring it is safe from intruders. In the new marketing paradigm, social media accounts are the latest and greatest way to engage with customers and prospects. When it comes to social networking profiles, marketers aren’t burdened by hosting, databases, network infrastructure, and development. They can focus on what they do best: content creation, engagement, lead nurturing, and advertising. But the security team’s job hasn’t changed. They must keep a keen eye on these highly public assets and ensure they are surrounded by the most robust protections available.
Unlike other assets, security teams can’t pull the proverbial plug on breached social media accounts, meaning the attacker can remain in control for hours if not days. ZeroFOX research shows the average account compromise lasts 5.5 hours. At the high end, ABAJournal took nearly three days to recover their Twitter account. The cost? Every second you don’t have control over your account causes a viral information cascade that results in brand and customer relationship damage, loss in revenue, public relations nightmares, and huge customer support costs.
160,000 Facebook accounts breached every day. (If you know the name of your social media manager’s dog, you are halfway to brute forcing your organization’s account.)
Other high profile account compromises include:
ZEROFOX RECOMMENDATIONS: A TWOFOLD APPROACH
1. ACCOUNT SECURITY
• Reduce the number of people with access to accounts and publishing tools.
• All social logins should be routed through a centralized, corporate-controlled email address with a robust password and 2-factor authentication.
• For networks like LinkedIn and Facebook, which associate a company’s page with a personal account, the admin should have extensive security controls.
• All authentication should come through a single, securely managed device.
2. CONTENT SECURITY
• Continuously monitor accounts for suspicious settings changes.
• Continuously monitor accounts for malicious outgoing posts.
• In conjunction with both internal and external stakeholders (infosec department, marketing department, social networks), establish a plan of action in preparation for an account compromise.
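The two content security controls, monitoring for suspicious settings changes and for malicious outgoing posts, as an added example that is not from the whitepaper or from ZeroFOX: one function diffs two snapshots of an account's settings and reports the kind of changes an attacker makes after a takeover (recovery contact swapped, 2FA disabled, extra admin, new connected app); the other flags links in outgoing posts whose host is not on the marketing team's allowlist. The settings field names, the allowlist and both snapshots are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Settings fields worth watching on a corporate social account. The real
# field names depend on the network; these are assumed for the example.
WATCHED = ("recovery_email", "phone", "two_factor", "admins", "connected_apps")
# Hosts the marketing team legitimately links to (constructed allowlist).
LINK_ALLOWLIST = {"example.com", "www.example.com", "blog.example.com"}
URL_RX = re.compile(r"https?://[^\s<>\"']+", re.I)

def settings_changes(before, after):
    """Diff two snapshots of account settings; each finding is one string."""
    findings = []
    for field in WATCHED:
        old, new = before.get(field), after.get(field)
        if old == new:
            continue
        if isinstance(old, (list, set)) or isinstance(new, (list, set)):
            added = set(new or ()) - set(old or ())
            removed = set(old or ()) - set(new or ())
            if added:
                findings.append(f"{field}: added {sorted(added)}")
            if removed:
                findings.append(f"{field}: removed {sorted(removed)}")
        else:
            findings.append(f"{field}: {old!r} -> {new!r}")
    return findings

def suspicious_links(post_text):
    """Return URLs in an outgoing post whose host is not on the allowlist."""
    bad = []
    for url in URL_RX.findall(post_text):
        host = (urlparse(url).hostname or "").lower()
        if host not in LINK_ALLOWLIST:
            bad.append(url)
    return bad

# Constructed snapshots. The second shows the kind of changes the paper says
# to monitor for: recovery contact swapped, 2FA off, extra admin, new app.
BEFORE = {"recovery_email": "social@example.com", "phone": "+1-555-0100",
          "two_factor": True, "admins": ["alice", "bob"],
          "connected_apps": ["Scheduler"]}
AFTER = {"recovery_email": "freemail-user@example.net", "phone": "+1-555-0100",
         "two_factor": False, "admins": ["alice", "bob", "mallory"],
         "connected_apps": ["Scheduler", "AutoPoster"]}

if __name__ == "__main__":
    for finding in settings_changes(BEFORE, AFTER):
        print("SETTINGS:", finding)
    post = "Big news! Log in here to claim your bonus: http://example-login.net/x"
    print("LINKS:", suspicious_links(post))
```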
SECURITY TECHNIQUES USED TO MITIGATE BUSINESS RISKS ON SOCIAL MEDIA
Social media can cause major headaches elsewhere in the organization as well. Business risks such as hashtag hijacking, corporate impersonations, customer fraud (a global annual cost of nearly $4 billion), bot followers, counterfeit goods, online piracy (a global annual cost of over $70 billion), and fake customer service can hamstring an organization’s online revenue. Using the same techniques they use to identify and mitigate information security risks, security teams can help address a variety of threats that span information security, compliance, revenue generation, and marketing. By continuously monitoring social media for malicious activity, security and marketing teams can identify profiles advertising pirated content or counterfeit goods, thus saving the organization potentially millions in lost revenue. Teams can also find and take down scammers and fraudulent actors targeting an organization’s hashtags or impersonating the brand. This is a perfect opportunity for security teams to go beyond locking down assets and hardening walls by empowering other departments to do their jobs more safely and effectively. Moreover, the financial benefit is immediately tangible and quantifiable.
One issue of particular note is fake followers and botnets following the corporate accounts, whether purchased by the marketing team or gained involuntarily. The presence of bot followers makes distributing content to legitimate supporters very difficult. This issue becomes especially problematic with social media advertising. Ads are often judged by the number of impressions they receive online. Because bots can account for the vast majority of an ad’s total impressions, their presence greatly undermines marketing ad spend. In the long run, removing fake followers leads to a higher click-through rate, a higher conversion rate, more engagement, and a healthier social media marketing and advertising program.
On Facebook, a post only reaches 2-7% of followers. The more bots, the less likely real followers will see and engage with posted content.
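How bot followers dilute ad impressions, as an added example that is not from the whitepaper or from ZeroFOX: a heuristic bot score over a few account signals, then a report splitting an ad's impressions into those from likely bots and those from real people. The scoring signals, the threshold and the sample follower data are assumptions constructed for the example; in practice the signals would be calibrated against accounts already confirmed as bots.

```python
from dataclasses import dataclass

@dataclass
class Follower:
    handle: str
    account_age_days: int
    followers: int
    following: int
    posts: int
    default_avatar: bool
    impressions: int  # impressions of our ad attributed to this account

def bot_score(f):
    """Heuristic bot score, 0 to 5. The signals are assumed for this
    example; calibrate them against accounts you have confirmed as bots."""
    score = 0
    if f.account_age_days < 30:
        score += 1  # freshly created
    if f.default_avatar:
        score += 1  # never personalised
    if f.following >= 20 * max(f.followers, 1):
        score += 1  # follows everyone, followed by almost no one
    if f.posts == 0:
        score += 1  # never posts
    elif f.account_age_days and f.posts / f.account_age_days > 100:
        score += 1  # inhuman posting cadence
    return score

def impression_report(followers, threshold=3):
    """Split ad impressions into those from likely bots and from real people."""
    bots = [f for f in followers if bot_score(f) >= threshold]
    total = sum(f.impressions for f in followers)
    bot_imp = sum(f.impressions for f in bots)
    return {"total": total, "bot": bot_imp, "real": total - bot_imp,
            "bot_share": round(bot_imp / total, 3) if total else 0.0,
            "bot_handles": sorted(f.handle for f in bots)}

# Constructed sample followers (not real accounts); impressions are per ad.
SAMPLE = [
    Follower("jane_customer", 900, 340, 410, 1200, False, 3),
    Follower("bob_dev", 1500, 80, 120, 400, False, 2),
    Follower("xk29a8", 5, 0, 2100, 0, True, 40),
    Follower("promo_bot_1", 12, 3, 900, 5000, True, 55),
    Follower("newbie", 10, 15, 30, 4, True, 1),  # new but human-looking
]

if __name__ == "__main__":
    r = impression_report(SAMPLE)
    print(f"{r['bot_share']:.1%} of {r['total']} impressions came from likely bots: {r['bot_handles']}")
```

On the sample data two accounts out of five are scored as bots, yet they generate about 94% of the impressions, which is the dilution the paragraph describes.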
SECURITY TEAM’S RESPONSIBILITIES
• Test and train employees on safe social media usage
• Continuously monitor for business risks on social networks
• Continuously monitor for organization-specific sensitive keywords and phrases
• Identify and remove fake followers and social botnets
• Establish workflows for dealing with business risks targeting the organization
• Take down malicious posts and profiles
SECURITY CANNOT SUCCEED IN ISOLATION
Social media is an inevitable constant for conducting business in the modern world. As marketers continuously expand their presence, security teams must work alongside them to ensure it is done safely and securely.
ZeroFOX combats the cutting-edge threat of social network exploitation, protecting your employees, your customers, and your business. Our software platform enables organizations to mitigate modern infosec and business risks: targeted phishing, account takeover, piracy, attacker chatter, customer scams, fraud and more. Social media is the new foundation for business and personal communication, representing the largest unsecured network in the world; security teams must continuously monitor for threats where their people are most vulnerable: social media.
ZeroFOX Enterprise is a cloud platform built to monitor social media objects (profiles, keywords, hashtags, etc.) and detect threats impacting your organization. At the heart of the ZeroFOX Enterprise technology stack is FoxScript, a customizable JavaScript-based language that opens the power of ZeroFOX’s data collection and analysis engines to virtually any use-case. You control what data to monitor and which analyses to perform.
THE ZEROFOX EDGE
• Identify employee-targeted phishing attacks on social networks
• Find and take down fraudulent & impersonating accounts
• Mitigate costly customer fraud and scams
• Uncover stolen information, counterfeit goods and pirated content
• Continuously monitor key employee & company accounts for compromise
• Investigate attacks being planned against your organization
• Integrate via API into existing security technology
• Develop custom FoxScripts to detect unique security use-cases
ZEROFOX RECOMMENDATIONS: A COMPREHENSIVE APPROACH
PHASE 1: FORM A SOCIAL MEDIA SECURITY TASK FORCE
• The size and makeup of this group will vary by organization, but it should include security, marketing, and any other departments facing risks on social media (fraud, compliance, HR, sales, risk management, finance, etc.).
PHASE 2: ESTABLISH CONTROLS AND BEST PRACTICES FOR PROTECTING ACCOUNTS
• 2-factor authentication, robust passwords, a centralized email address for logins, password managers such as LastPass and Dashlane, etc.
PHASE 3: TRAIN RELEVANT PARTIES ON SAFE SOCIAL MEDIA USAGE
• This should include setting passwords, clicking links, and identifying malicious social profiles.
PHASE 4: SECURITY TEAMS TAKE LEAD ON CONTINUOUSLY MONITORING SOCIAL MEDIA
PHASE 5: REGULAR MEETINGS TO REVIEW CONTROLS AND ASSESS EFFECTIVENESS
• The social media security task force should meet monthly or quarterly to review the initiative and make appropriate changes.