RH-ISAC BLOG

Social media is a threat actor’s recon tool

Author: Harpreet Kalra

Social media networks like Facebook, Instagram, Twitter and LinkedIn were originally designed to connect people all over the world. Now they have become an active underworld for threat actors seeking personal and organizational information from users. Social media has become a reconnaissance tool – a tried and true method of collecting data – used to hijack accounts, launch impersonation attacks and phishing scams, and distribute malware.

So how do we monitor our digital footprint to ensure we aren’t being followed? Threat actors typically have identifiable behavior and usually target individuals who hold specific positions within the company, such as executives. They’ll also pursue corporate accounts responsible for official branding and marketing, and search for names, email addresses and phone numbers that can easily be acquired from the company’s website. With this fundamental data they can search publications, news media and other sources to obtain and verify additional layers of personally identifiable information, and use social media to track behavioral patterns (e.g., online shopping, political beliefs, cultural attitudes, hobbies and education, and family history).

Once these details have been acquired, threat actors can impersonate a user or organization by hijacking an official corporate account. While the idea of a classic account takeover is nothing new, the landscape of social media remains relatively unknown – a Wild Wild West where attacks unfold, which ultimately impacts how they are identified and responded to. If they go unnoticed, these compromised accounts can be leveraged for more advanced attacks that can subvert a vulnerable organization.

It is likely that these threats will continue to increase over time, since social media remains a popular way for generations to share their lives. As they do so, more information will become readily available and accessible and, as a result, expand the attack surface of an organization. It is important for individuals and organizations alike to monitor their social media footprint and be aware of the data that is publicly obtainable. One way to learn more about mitigation and defense techniques is to attend our RH-ISAC regional Intelligence Workshop hosted by PVH Corp. at their headquarters in New York City this May.

For more information, check out the event by clicking here.

– Harpreet Kalra, intel production manager.