by Jane Ginn
More businesses are gleaning personal information and other types of data from social media and online sites, importing it to their internal databases and using it to make business decisions. What types of risks does this create for the business? How could this practice impact data integrity?
In a 2011 report from M86 Labs (2011) the authors describe several social media campaigns used to lure unsuspecting users to click on hyperlinks infected with malicious code. Twitter users were ‘notified’ of activity on their account and lured into clicking on a link to visit their account. The report also detailed a cyber-campaign using LinkedIn notifications in a blended threat spam campaign. In the linked-in campaign the users were taken to a server hosting the Blackhole Exploit kit which then “attempted to exploit vulnerabilities in Java, PDF readers and other client-side software applications” (ibid, pg. 13).
Companies using Twitter and other social media sites to generate metrics run into problems that are two-fold:
- Spoofed sites designed to exploit users are not legitimate traffic from people seeking information on the product or service offering; and
- Company representatives that perform social media functions run the risk of having their computers infected with malware which could, in turn, open the enterprise up to more widespread infection and loss of valuable PII or intellectual property.
If a user with a computer that has not been updated with all of the latest security patches visits a spoofed site they open themselves up to many different types of exploits.
Adobe vulnerabilities accounted for 6 of the top ten, and the Java Web Start vulnerability moved from 15th to 11th position in just 6 months.
Apart from the infection risk is the use by companies of analytical data for business decision-making. Companies use network traffic to gauge effectiveness of ad campaigns, product launches, channel ratings and many other things. Budget decisions are often based on these data. If the integrity of the data has been compromised by malware infection the accuracy of all subsequent decisions is diminished.
An infected computer on a network behind the firewall and behind intrusion detection devices can infect an entire enterprise network. Malicious scripts can include code for privilege escalation, code for facilitating remote access, code for botnet usage or a number of other exploit types. Often these malicious scripts use “packers” as a way to compress the code while applying encryption. This design is for evading detection and reducing their memory footprint.
Infections can lead to not only data loss, but also use of network resources, such as Web servers, as nodes on a criminal network. The 2012 Trustwave Global Security Report (2012) indicated that since 2010 attacks to web servers and fraud attempts are on the rise. They note that “Web server attacks are, for the most part, to host phishing, Trojans, malicious scripts and tools to attack other Web servers” (ibid, pg. 16).
Of great concern to many companies is data loss and leakage, sometimes known as data exfiltration.
Over 70% of the data exfiltration reported by Trustwave was over port 80, for HTTPS, and port 443 for FTP.
In conclusion, the use of social media opens the enterprise up to specific data integrity risks that need to be accounted for in both the patching policies of the social media representative(s), and in the architecture of the network itself. A defensive network design that significantly limits access of social media representatives to other mission-critical network resources can help to ameliorate these risks.
M86 Security. (2011). Security Labs Report: January – June 2011 Recap. Irvine, CA: M86 Security.
Trustwave. (2012). Global Security Report. In S. Brown (Ed.). Chicago, IL.