Are Social Media Networks The Next Cyberattack Victims?

The past year has seen a number of security horror stories. Now the big question is, who or what will be targeted next? Social risk management company ZeroFox argues that social media platforms are going to be compromised next. In a recent infographic, the company reveals that cyber-criminals are using popular social networks such as Facebook, Twitter, and LinkedIn, to launch targeted malware and phishing campaigns.

Rallying The Bot Army
Crooks rely on bot armies to successfully carry out their campaigns, whether it's malware or phishing. Bots are molded to look like trustworthy social media profiles; they usually have relevant popular content and post viral videos and articles that can reach many users. Two different types of bots exist: a bot account and a "sock puppet". A bot account is created and operated remotely through software. A "sock puppet" is a fake account operated by a person pretending to be someone he or she isn't.

After the bot army is made, the cybercriminal will decide on a target. Attacks could be focused against specific organizations, an organization's customers, or against the general public via trendjacking, a PR tactic that subverts trending topics to highlight different messages. Once a method of attack is chosen, criminals connect their bots to targeted victims by filling their bots' profiles with funny images or attention-grabbing content.

Phishing Or Malware?
Now the cybercriminal gets a choice. Does he or she want to launch a phishing campaign or a malware attack? Phishing campaigns compromise companies and their users via the front door while the latter attack compromises users via the back door. The methods are different but either way, a company is breached through social media.

If the cybercriminal decides to launch a phishing campaign, he or she will set up a phishing website disguised as a reliable site. This site is then shared with the targets, and the users are asked to share sensitive information if they decide to click on the link. If you're the unlucky user who decides to enter in this data, the crook now has access to your account and personal information. 

To start a malware attack, a cybercrook will hide malware, which has been bought or created, on websites that can download without the victim's knowledge. A shortened link to the disguised malware is shared with targets over social media. Victims that click the infected link consequently download the malware and the cybercriminal can now access your device. 

You don't want either of these scenarios happening to you or any of the businesses you use. If an infected user connects to a company network, cybercriminals will be able to access data from anywhere across the company. 

Keeping Social Safer
Don't assume you'll never fall for a trick like this in any of the social networking sites you use. Seven in every ten individuals will be duped by one of these schemes. In fact, one third of the data breaches last year were from social.

Be careful about what you share on your social networks; don't post sensitive information that could be used against you. Learn how to avoid phishing emails and think twice before clicking on a link that someone sends you.

You should also consider using a password manager to help you store and generate hard-to-crack passwords; our Editors' Choice LastPass 3.0 is a great choice. Get antivirus software for all your devices to secure your information and your gadgets. There are several options to choose from; one of our favorites is Editors' Choice Norton AntiVirus (2014). Stay a step ahead of the crooks before they can get their hands on you.

Click on the image below to view the full infographic.