Our latest Tweetchat was on the topic of Social Media risks and featured guest Joseph Steinberg.
Why did we choose social media? Social channels are easy to overlook when companies are assessing assets and assigning criticality. Social usually falls under the banner of marketing, so IT teams sometimes have little or no visibility into the digital footprint a company may have across social networks.
Because of this, it’s not uncommon to see social media accounts either attacked or used as a medium through which attacks are launched or coordinated.
But what do the security people who hang out on Twitter think about all this?
Who is the most dangerous of all?
Q1 Which social media network do you think is most insecure or dangerous to its users? Why? #AlienChat pic.twitter.com/LTYplCowuM
— AlienVault (@alienvault) May 3, 2018
We didn’t waste any time, wanting to know which social media network posed the greatest risk. Facebook was mentioned several times.
A1: I am going to go with Facebook but I feel a lot is down to the social media user as to what they share and to who. #alienchat
— Frontline Cyber Sec (@FLCyberSec) May 3, 2018
Q1 I think Facebook is, due to all that very personal information and pictures, and the fact that most users in the past were unaware of the dangers #alienchat
— Kate Brew (@securitybrew) May 3, 2018
And even Snapchat got a mention for posing more danger to children from a bullying perspective.
A1 from a safe and secure position for children - SNAPCHAT - too easy for cyber bullying #AlienChat
— James CISSP (@James_McQuiggan) May 3, 2018
Joseph laid out a balanced view on how each social media network brings its own unique set of risks.
A1: Each social network creates its own unique set of risks – e.g., People seem to overshare personal information on Facebook more often than on LinkedIn ... #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
A1 …But, sometimes inadvertently leak information about reporting structure at work, or about security technologies used at work, on LinkedIn… (cont.) #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
A1 …On Twitter, people sometimes fire off quick thoughts without sufficient consideration as to the ramifications of what they are saying… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
Risky business
Next up, we were interested in what advice people would give to businesses on specific social media risks to look out for.
Q2 What risks should businesses look out for when using social media? #AlienChat @briankrebs @evanderburg
— AlienVault (@alienvault) May 3, 2018
Most of the comments pertained to users over-sharing information on social networks, be that personal information, location, or corporate details, through text or photos.
Unintentional sensitive information disclosure, Political and sentimental posts, reputation damaging posts.
— Charles Chibueze (@C_Chibueze1) May 3, 2018
Exposing information about systems and software used
— Ryan Beegel (@RyanBeegel) May 3, 2018
A2: … Also, In terms of scams on social media, here are several to look out for…https://t.co/NgdShVRulP #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
Q2 Monitoring your employees on social media means establishing clear guidelines. Have a documented Acceptable Use Policy and regularly review it with your people. Encourage them to do right #AlienChat
— 3ncr1pt3d (@3ncr1pt3d) May 3, 2018
Social Media as an attack tool
Is social media used as an attack tool?
Q3 Do you see social media being used to launch attacks e.g. by being used as a command and control service? #AlienChat
— AlienVault (@alienvault) May 3, 2018
Our very own Chris Doman gave some interesting examples.
Miniduke are fascinating, if you're interested F-Secure did a great write-up https://t.co/CBTu8NS8WY
— chris doman (@chrisdoman) May 3, 2018
Very tricky to detect at the network level. Here's an account on Twitter used to control Miniduke (https://t.co/sNHCcQBRVY) malware -> https://t.co/k5HjVze3T1
— chris doman (@chrisdoman) May 3, 2018
Others gave some interesting viewpoints.
Q3 We're seeing bots all over Twitter. The ability to inject code where it was never meant to go. Exploiting our love of social media goes beyond fake news. What aren't we looking for? #AlienChat
— 3ncr1pt3d (@3ncr1pt3d) May 3, 2018
A3: Not so much control but a lot are coordinated via social media. #alienchat
— Frontline Cyber Sec (@FLCyberSec) May 3, 2018
Remember Mirai 2016? #AlienChat
— 4bby (@4bbyn0rmal) May 3, 2018
Monitoring capabilities
Q5 What social media monitoring capabilities do you have or want to implement? #AlienChat
— AlienVault (@alienvault) May 3, 2018
What social media monitoring capabilities are companies looking for? Multi-factor authentication was mentioned a few times – pretty timely as the tweetchat took place only a few hours before Twitter recommended all users change their passwords.
Interesting question. Personally, I'm not keen on monitoring. But I can see the business and political implications #alienchat https://t.co/ognk3HMXHn
— Kate Brew (@securitybrew) May 3, 2018
A5: We obviously have SecureMySocial which warns people in real time if they are making potentially problematic social media posts… We use multi-factor authentication on all social media accounts… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
#AlienChat A5: I want no monitoring capabilities specific to social media. https://t.co/0xpeTCFNlm
— #Thinker (@tb_thinker) May 3, 2018
Attack trends
Q6 What attacks do you think will be most prevalent on social media in the future? #AlienChat @BrianHonan @campuscodi @DBaker007
— AlienVault (@alienvault) May 3, 2018
Next, we looked forward and asked which attacks people expect to be on the rise in the future. The answer was almost unanimously phishing, scams, and other tricky posts.
#AlienChat A6: The easiest attack will be the first to be prevalent. So I say phishing... https://t.co/igfHqCvBAH
— #Thinker (@tb_thinker) May 3, 2018
A6: Using social media to spread scam posts that collect data, deliver malware, or trick people into sending cryptocurrency to crooks, believing false information (e.g., #FakeNews), etc… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
A6: … and impersonation will continue… We see it a lot w/ social media handles that impersonate legitimate parties… e.g., @JoesphSteinberg looks a lot like @JosephSteinberg and can also be entered via a typo #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
A6: … In recent days I have been dealing with a whole bunch of fake accounts offering bogus contests that give away cryptocurrency – the accounts posting these often impersonate real cryptocurrency companies… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
A6: … I suggest checking out this list that I created as well: https://t.co/NgdShVRulP #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
Q6 I see the ability to manipulate and influence being abused. People cannot tell the truth from the trash when it's presented as legit. And fake accounts make things so easy. #AlienChat #SocialMedia
— 3ncr1pt3d (@3ncr1pt3d) May 3, 2018
Mandating social media security controls
Are there any controls people would like to see mandated?
Q7 What social media security controls do you think should become mandatory for companies? #AlienChat
— AlienVault (@alienvault) May 3, 2018
Joseph correctly pointed out that mandated is a pretty strong word.
A7: Mandatory is a strong word and implies government involvement and oversight, which may or may not be a good idea depending on how it is implemented… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
Meanwhile, I took the opportunity to drop in a hip hop reference.
ooh interesting, your chance to play Warren G and Nate Dogg (Regulators)... apologies to anyone under 35 that probably won't get that reference #AlienChat https://t.co/u2BIbcfQHx
— Javvad Malik v2.0 (@J4vv4D) May 3, 2018
Q7 Corporate accounts are limited access and monitored consistently. It should be evaluated in terms of Policy and Processes during security audits. But that's the easy part ... #AlienChat
— 3ncr1pt3d (@3ncr1pt3d) May 3, 2018
Q7 What's hard is handling how your employees are communicating on social media. What do they share on their personal accounts without realizing? What pics wind up on Instagram with unexpected details that help with recon and OSINT? #AlienChat
— 3ncr1pt3d (@3ncr1pt3d) May 3, 2018
A7: … Based on the questions that were posed to Mark Zuckerberg by lawmakers last month I think Congress would need to learn a lot more about social media and data privacy before regulating… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
A7: … But there certainly could be consequences established for firms that leak private information due to gross negligence… This will likely eventually happen either via civil suits or via legislation… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
The role of threat intelligence
What role does threat intelligence play in social media security?
Q8 Do you think threat intelligence will or should play an increasing role in social media security? #AlienChat @patrickcoomans @techjunkiej
— AlienVault (@alienvault) May 3, 2018
Pretty much everyone agreed.
Of course, provided the CTI is sufficiently contextualized and validated.
— Patrick Coomans @B-Hive (@patrickcoomans) May 4, 2018
A8: Of course. In every area of security… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
Q8 Absolutely. Monitoring and tracking social media is a key part of threat intel. You glean so much information. This is data that can become actionable quickly. It has context and relevance to individuals and organizations. #AlienChat #SocialMedia
— 3ncr1pt3d (@3ncr1pt3d) May 3, 2018
Wild predictions
Finally, to finish up, we asked people for their most off-the-wall security prediction for social media in the future.
A9: Probably, that because social media evolves so rapidly, we have far less of an idea as to what it will look like in 5 or 10 years than we think we do… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
A9: …And, therefore, we probably cannot properly perceive some of the risks that it will create and what will work to address them… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
A9: Not that many years ago major businesses addressed the risks of social media by not being on it and telling their employees not to use it, or at least not to use it for posting about anything work related… #AlienChat #SocialMedia #CyberSecurity #InfoSec #SocialMediaSecurity
— Joseph Steinberg (@JosephSteinberg) May 3, 2018
Q9 Weaponizing all that data harvested. And in response, far more intrusive monitoring solutions #AlienChat #SocialMedia
— 3ncr1pt3d (@3ncr1pt3d) May 3, 2018
Thanks for having me on!
The year is 2022 society is rebuilding after the great privacy wars... Anonymous social media usage has been outlawed. Every child is given a social media profile at birth that is unchangeable and used as their primary form of ID. #AlienChat https://t.co/BgtIJA9QFl
— Javvad Malik v2.0 (@J4vv4D) May 3, 2018