Social media is now the top delivery vehicle for malware. And social media attacks are no longer limited to those who simply post too much private information to their profiles. They utilize advanced techniques. What are those techniques and what can you do to avoid them? Security and forensics analyst Paul Henry of Lumension explains.
2011 Social Media Malware Trends
1. Social Media as the Top Malware Delivery Vehicle: How to Protect Your Network Presented by Paul Henry Security and Forensic Analyst, Lumension MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFA, VCP, SANS Institute Instructor
These are the concerns many IT administrators face when deciding whether or not they should allow network users to access social media sites. Due to the excessive amount of malware currently entering corporate networks of all sizes via social media, not to mention the fear that these sites contribute to lost productivity, many organizations face the issue of how to ensure their corporate networks remain secure as employees access these sites and whether or not they should whitelist them – i.e. allow them to run on users' machines at all. But users often demand access to these sites and for some, they are necessary to their jobs. Thus, there is no need to blacklist these sites altogether. It is possible to maintain control and security and I’ll tell you how to do so, beyond simply investing in new technology.
Before I discuss how you can safely allow users in your network to access social media sites, I’d like to outline a number of techniques hackers are using to exploit social media users today. I think it’s always useful to have a grasp on what exactly you are dealing with before implementing the policies to prevent it.
Hackers are now creating transparent GIFs that hover over the Like button and may lead to an unintended effect once the user clicks.
These are just some of the more common ways hackers take advantage of social media sites. And just like other types of malware, they are continuously evolving and becoming more intelligent, and hackers are consistently finding new ways in. This can seem overwhelming and a lot of us are often left with the feeling that in order to safeguard our networks, we have to invest in a multitude of security products (e.g. AV, firewall, device control, encryption, etc.). But there are a number of techniques you can employ without having to invest a fortune. That doesn’t mean you don’t need at least some form of endpoint security software (I’ll discuss the basics of what you do need later) but these are solutions you can employ before deploying your solution or in addition to it, in order to further safeguard your network.
There are a number of steps you can ask network users to take when visiting social media sites. And these are not time consuming or burdensome at all – they are simple steps that could mean a world of difference between not only your network’s security, but also their own!
Ask users to ensure the page is secure – e.g. on Facebook: change to HTTPS (Account > Account Settings > Account Security) and select the secure browsing / HTTPS checkbox, and your FB visit, including your login, will be encrypted.
How spear phishing works
Sharing personal info makes it easier for someone to steal your identity.
If you receive a request or message from a name you don’t recognize, chances are it’s someone up to no good.
This is such a basic step but I am always amazed at the number of attacks that happen due to simple or default passwords – make sure that users understand what constitutes a strong password and that they know to change it often (elaborate on how often)
While educating users is beneficial, you may need to communicate rules or policies to them as well. Of course, you always face the risk of some folks disregarding them but as I said earlier, they need to know it’s not just the corporation’s information at stake, it’s also their own! That being said, it’s always good to have some kind of policy enforcement tool in effect, such as whitelisting (i.e. only allowing downloads from approved sites) – more on that later.
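One way the download whitelist mentioned above could be checked, as an added example that is not from the presentation or from any Lumension product. The host names, the HTTPS requirement and the port restriction are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Hypothetical policy values, constructed for this example.
APPROVED_HOSTS = {"downloads.example.com", "intranet.example.org"}
APPROVED_SUFFIXES = (".vendor.example",)  # any subdomain of vendor.example


def download_allowed(url):
    """Return (allowed, reason) for a requested download URL."""
    try:
        parts = urlsplit(url)
        # .hostname drops userinfo and port and lowercases the name;
        # strip a trailing dot so "host." and "host" compare equal.
        host = (parts.hostname or "").rstrip(".")
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    if port not in (None, 443):
        return False, "non-standard port"
    # Compare the parsed host name only. Substring checks on the raw URL
    # are fooled by userinfo ("approved.host@other.host") and by
    # lookalike names ("approved.host.other.host").
    if host in APPROVED_HOSTS:
        return True, "approved host"
    if host.endswith(APPROVED_SUFFIXES):
        return True, "approved subdomain"
    return False, "host not on whitelist"


# Constructed sample requests, including the lookalike cases.
SAMPLE_URLS = [
    "https://downloads.example.com/tool.msi",
    "http://downloads.example.com/tool.msi",
    "https://downloads.example.com@files.invalid/tool.msi",
    "https://downloads.example.com.files.invalid/tool.msi",
    "https://cdn.vendor.example/update.exe",
    "https://evilvendor.example/update.exe",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(download_allowed(u), u)
```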
There is a multitude of endpoint security solutions on the market today. That doesn’t mean you need to buy 18 different products to get the job done. The opposite is true as today’s IT administrators are often overwhelmed by a multitude of consoles and their networks suffer from decreased performance due to agent bloat. And AV alone will no longer do the trick (CSI/FBI report: 97 percent of users reported using traditional AV and 67 percent of those said they were still having malware issues). A single, all-encompassing solution (i.e. a suite) is the best prevention method.