There was a time when the biggest threat that social media had on your business was the distraction it created for employees and work time wasted. Today, these platforms present far more than just a productivity drain for organizations. They serve now as an attack avenue that leads hackers and their collection of malicious codes straight into your organization. New research from Bromium from February of this year found that one in five organizations have been infected with malware distributed through a social media platform. Even more alarming is the fact that 12 percent of those infected organizations experienced a data breach as a result.
Social media it turns out is the perfect Trojan Horse. The latest estimates have 2.8 billion people using one social media account or more. For the same reasons that pickpocketers hang out at crowded airports, train stations, and tourist areas, cybercriminals have learned that users are congregated throughout the day on social media. Compounding the issue is the sense of trust that users have with their favorite social media platforms, which brings down their guard while perusing their preferred sites every day.
Users already feel comfortable enough to post personal information such as birthdates, current location, and personal preferences and engage with unknown third parties. Many openly accept message requests from total strangers. After all, isn’t social media just one big happy family of people longing to connect? As a result, users have an unhealthy level of conviction when it comes to social media. Combine the mind-boggling number of users with the undeserved sense of confidence of social media and it’s easy to understand how hackers can reach and infect so many millions of users on a global scale.
According to an article in Computer Weekly this year, cybercriminals made $3.25 billion last year by exploiting social platforms. The article summarized information from an extensive study conducted by the University of Surrey concerning the disturbing trend of the utilization of social media to distribute malware. Some of the findings included the following:
Another reason why social media platforms make such an effective way to distribute malware is the fact that there are so many more delivery methods for malicious code such as malvertising, shared links and images, plugins and digital media. The constant sharing of content and even profiles promotes the spread of malware even further.
Some Real Examples
Social media users feel comfortable clicking on things on their trusted platforms, which is something that hackers exploit. Cybercriminals have been using fake “Confirm that you know” emails to try and redirect LinkedIn users to malicious sites. Posting comments on Instagram that direct users to rogue sites is also a common ploy. Then, of course, there is the tried and tested the use of phishing links that are proving more effective on social media than email, as email users have increased their security awareness to these types of scams.
According to an article in Inc. Magazine, Facebook has admitted to disabling 1.3 billion fake accounts. Hackers use fake accounts and then link them to other phony profiles in order to boost credibility and recognition. Bots then use these fake accounts to distribute malicious content, generate fake likes, retweets, and views. They can also perform a type of DDoS attack in which comments are created so quickly on a company’s brand profile that they cannot delete them fast enough.
Hackers are starting to move some of their promotional efforts from the Dark Web onto social media outlets. Malicious tools, services and botnets are openly marketed on well-known platforms. These promotional efforts are used to recruit new talent and sell malicious tools and services on the open market.
There are some basic common sense measures you can take to help protect yourself from social media threats.
A recent study by Spiceworks revealed the extent of the problem. 28% of employees at large companies (more than 1,000 employees) spend more than four hours a week on personal Internet use and the percentages increase to 45% for mid-sized businesses and 51% for small businesses. The difference in those figures reflects the fact that more large businesses have implemented web filters. 89% of large companies have implemented a web filter to curb or prevent personal Internet usage and, as a result, benefit from an increase in productivity of the workforce.
The Spiceworks study revealed 90% of large companies use a web filter to block malware and ransomware infections. A web filter prevents employees from accessing websites known to be used for phishing and those that host malware. 38% of companies had experienced at least one security incident in the past year as a result of employees visiting web pages for personal use, most commonly webmail services and social media channels.
Additional benefits of web filtering include improving network performance and ensuring sufficient bandwidth is available for all users – by blocking access to bandwidth-heavy online activities such as gaming and video streaming. From the productivity gains alone, a web filter will pay for itself. Add in the costs that are saved by preventing malware and phishing attacks and use of a web filter really is a no brainer.
Sign-up for email updates...