
by Jane Ginn

More businesses are gleaning personal information and other types of data from social media and online sites, importing it to their internal databases and using it to make business decisions. What types of risks does this create for the business? How could this practice impact data integrity?

In a 2011 report from M86 Labs (2011), the authors describe several social media campaigns used to lure unsuspecting users into clicking on hyperlinks infected with malicious code. Twitter users were ‘notified’ of activity on their account and lured into clicking on a link to visit their account. The report also detailed a cyber-campaign using LinkedIn notifications in a blended threat spam campaign. In the LinkedIn campaign, users were taken to a server hosting the Blackhole Exploit kit, which then “attempted to exploit vulnerabilities in Java, PDF readers and other client-side software applications” (ibid, pg. 13).

Companies using Twitter and other social media sites to generate metrics run into problems that are two-fold:

  • Spoofed sites designed to exploit users are not legitimate traffic from people seeking information on the product or service offering; and
  • Company representatives who perform social media functions run the risk of having their computers infected with malware, which could, in turn, open the enterprise up to more widespread infection and loss of valuable PII or intellectual property.

Spoofed Sites

If a user whose computer has not been updated with all of the latest security patches visits a spoofed site, they open themselves up to many different types of exploits.

Adobe vulnerabilities accounted for 6 of the top ten, and the Java Web Start vulnerability moved from 15th to 11th position in just 6 months.

Apart from the infection risk, there is the issue of companies using analytical data for business decision-making. Companies use network traffic to gauge the effectiveness of ad campaigns, product launches, channel ratings and many other things. Budget decisions are often based on these data. If the integrity of the data has been compromised by malware infection, the accuracy of all subsequent decisions is diminished.

Network Infections

An infected computer on a network behind the firewall and behind intrusion detection devices can infect an entire enterprise network. Malicious scripts can include code for privilege escalation, code for facilitating remote access, code for botnet usage or a number of other exploit types. Often these malicious scripts use “packers” to compress the code while applying encryption. This design is intended to evade detection and reduce their memory footprint.
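The following is an added example, not part of the original article, showing why packing defeats a simple signature match and how a defender can still flag the result with a byte-entropy check. The sample script is constructed and harmless, `zlib` compression stands in for a packer's compress-and-encrypt step, and the 7.0 bits-per-byte threshold is an assumed cut-off.

```python
import hashlib
import math
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off, tune per environment
SIGNATURE = b"return a+"  # constructed byte pattern a static signature might match


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def build_sample_script() -> bytes:
    """Constructed, harmless JavaScript-like text standing in for a script body."""
    lines = (
        f'function f{i}(a){{return a+"{hashlib.sha256(str(i).encode()).hexdigest()}";}}'
        for i in range(200)
    )
    return "\n".join(lines).encode()


def assess(blob: bytes) -> dict:
    """Report what a signature scan and an entropy check each see in blob."""
    entropy = shannon_entropy(blob)
    return {
        "size": len(blob),
        "entropy": round(entropy, 2),
        "signature_hit": SIGNATURE in blob,
        "likely_packed": entropy >= ENTROPY_THRESHOLD,
    }


PLAIN = build_sample_script()
# zlib compression stands in for the packer's compress-and-encrypt step.
PACKED = zlib.compress(PLAIN)

if __name__ == "__main__":
    print("plain :", assess(PLAIN))
    print("packed:", assess(PACKED))
```

High entropy alone is not proof of malice, since legitimate archives and media files also score high, so the check is best used to prioritise files for closer inspection.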

Infections can lead not only to data loss, but also to the use of network resources, such as Web servers, as nodes on a criminal network. The 2012 Trustwave Global Security Report (2012) indicated that since 2010 attacks on Web servers and fraud attempts have been on the rise. They note that “Web server attacks are, for the most part, to host phishing, Trojans, malicious scripts and tools to attack other Web servers” (ibid, pg. 16).

Of great concern to many companies is data loss and leakage, sometimes known as data exfiltration.

Over 70% of the data exfiltration reported by Trustwave was over port 80, for HTTPS, and port 443 for FTP.

Conclusion

In conclusion, the use of social media opens the enterprise up to specific data integrity risks that need to be accounted for in both the patching policies of the social media representative(s), and in the architecture of the network itself.  A defensive network design that significantly limits access of social media representatives to other mission-critical network resources can help to ameliorate these risks.

____________________________________________________________

References:

M86 Security. (2011). Security Labs Report: January – June 2011 Recap. Irvine, CA: M86 Security.

Trustwave. (2012). Global Security Report. In S. Brown (Ed.). Chicago, IL.

Jane Ginn CTIN President & Co-Founder
Jane Ginn ~ As the co-founder of the Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. She currently serves as the Secretary of the OASIS Threat Actor Context Technical Committee, contributing to the creation of a semantic technology ontology for cyber threat actor analysis. Her efforts in this area and her earlier work with the Cyber Threat Intelligence (CTI) TC earned her the 2020 Distinguished Contributor award from OASIS. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. Follow me on LinkedIn: www.linkedin.com/comm/mynetwork/discovery-see-all?usecase=PEOPLE_FOLLOWS&followMember=janeginn