Social Media Attacks
Over the past couple of weeks, we saw quite a few social media accounts get hacked. Twitter, LinkedIn, and even Tumblr accounts fell prey to hackers who used the accounts to send their own messages.
Social media accounts are some of the newer targets for hackers. Most people consider their social media account innocuous and useless to an attacker. This couldn't be further from the truth. Social media accounts can be, and often are, used as a foundation to gain access to higher-level credentials.
With a social media account in hand, an attacker will usually follow one of two patterns to maximize the impact of the attack.
The first approach is to send out messages masquerading as the real user. Many security professionals advise users to avoid messages from "untrusted sources." With the social media account in hand, the attacker becomes a "trusted" source and can use that trust to gather additional information from the real user's list of contacts. These contacts could be higher-ranking employees within an organization. The social media account serves as a foundation to further promote the hacker's intentions.
The second use is for political purposes. This past week several celebrity Twitter accounts were hacked. Instead of sending out-of-character tweets, the hackers can send a couple of messages throughout the month that stay in character for the real owner but send specific political statements to the owner's followers. The idea is to stay in character so that the original owner does not realize that they have been hacked. With very few messages sent, all of them in character, the attacker can accomplish his mission of sending political messages to several thousand (even millions of) followers.
The recent social media attacks remind us that we need to be vigilant about social media security and passwords. Facebook is at the forefront of security research and social media account protection, but users should also be diligent when creating passwords and know the red flags when replying to any email or entering information into a website that asks for social media credentials.