One of the trending news headlines of the 21st century has been cybercriminals attacking celebrity and government officials’ social media accounts. With an increase of 43% in social media fraud attacks since 2019, cybercriminals are looking for new ways to exploit platforms such as Twitter, Facebook, LinkedIn, and Instagram.
In the cybersecurity community, we often see social media as a vector for attack, or simply a means to an end. We see this in cases of cybercriminals spreading malware and misinformation. For example, in May of 2016, LinkedIn was hacked, and 117 million credentials were exposed. In 2017 Vevo fell victim to a phishing attack, and 3.12 terabytes of sensitive company data were exfiltrated. In August of 2017, Slack was hacked, and as a result, a half-million in Ether coins were stolen. Twitter was hacked in July 2020, and influential accounts were used in a bitcoin theft operation.
For security professionals to continue to secure platforms and clients against cybercriminals, we must understand what motivates these criminals to attack social media platforms. In this video, VerSprite Sr. Threat Intelligence Consultant Bethany Keele dives into the three most common motivations cybercriminals have to target social media platforms, according to 2020 threat trends.
Not only do cybercriminals use phishing attacks to gather information on targets from social media, but they can also use it to target the accounts of high-profile individuals. An example of this was the Twitter hack in July 2020. On July 15, 2020, Twitter employees were targeted through a spear-phishing attack. As a result, Twitter accounts for influential people, such as Barack Obama and Elon Musk, who were compromised were used as a platform for a bitcoin scam.
As social media platforms continue to increase in popularity, they have become more attractive targets for cybercriminals due to their ability to target mass amounts of people through hacked accounts. An example of this was seen in early 2020, when a Roblox hack occurred and attackers took over gaming accounts to spread pro-Trump election propaganda. A less public attack was the Reddit hacks that also happened in 2020 with purportedly the same motivation to spread false information about the US presidential election. Targeted Reddit moderator accounts were compromised to spread pro-Trump election propaganda on popular subreddits that reach large audiences.
With their ability to reach mass audiences and influence users, social media has become the new battleground for cyber warfare. Nation-states and state-backed cybercriminals use social media to influence, disrupt, and act on their political agendas against foreign governments.
An example of this can be confirmed by US government threat intelligence agencies and various organizations that reported evidence of Russia interfering with the 2016 US presidential election by spreading misinformation. According to Microsoft, Russia state-backed threat actors are actively engaging in attacks against campaigns and parties for the 2020 election as well. Vice Chairman of the Senate Select Committee on Intelligence, Mark Warner, stated at a cybersecurity conference that Russia tried to exacerbate the political parties’ divisions to create disparity by creating fake accounts on social media.
Russia is not the only country engaging in cybercriminal campaigns on social media. Iran, because of the killing of Iranian Major General Qasem Soleimani, is sponsoring social media disinformation campaigns. With their ability to reach mass audiences and influence users, social media has become the new battleground for cyber warfare.
VerSprite’s Threat Intelligence team can test and implement effective social media policies that include hardening practices into organizations to promote a security-conscious attitude amongst the employees. This can reduce the overall risk of an employee’s social media platform being a target of a financial gain phishing attack, mass audience targeting, and cyber warfare. Learn more about how VerSprite’s Threat Intelligence team can help strengthen your overall security posture->.