In this article you will learn about impersonation on social networking sites, insider threats, the types of insider threats, why insider attacks are effective, and more.
Impersonation on Social Networking Sites
Today, many people use social networking sites, which allow them to build online profiles and share information, pictures, blog entries, music clips, and so on. This makes it relatively easy for an attacker to impersonate someone. The victim is likely to trust the attacker and eventually reveal information that would help the attacker gain access to a system.
This section describes how attackers perform social engineering through impersonation on social networking sites such as Facebook, LinkedIn, and Twitter, and highlights the risks these sites pose to corporate networks.
Social Engineering through Impersonation on Social Networking Sites
As social networking sites such as Facebook, Twitter, and LinkedIn are widely used, attackers use them as a vehicle for impersonation. There are two ways an attacker can use an impersonation strategy on social networking sites:
- By creating a fictitious profile of the victim on the social media site
- By stealing the victim’s password or indirectly gaining access to the victim’s social media account
Social networking sites are a treasure trove for attackers because people share their personal and professional information on these sites, such as name, address, mobile number, date of birth, project details, job designation, company name, location, etc. The more information people share on a social networking site, the more likely it is that an attacker can impersonate them to launch attacks against them, their associates, or their organization. Attackers may also try to join the target organization’s employee groups to extract corporate data.
In general, the information attackers gather from social networking sites includes organization details, professional details, contacts and connections, and personal details. They use this information to execute other forms of social engineering attacks.
“Social Networking helps reach people Easier and Quicker”
Impersonation on Facebook
Facebook is a well-known social networking site or service that connects people to other people. It is widely used to communicate with friends, and share and upload photos, links, and videos. To impersonate users on Facebook, attackers use nicknames instead of their real names. They create fake accounts and try to add “Friends” to view others’ profiles to obtain critical and valuable information.
The steps an attacker takes to lure a victim into revealing sensitive information:
- Attackers create a fake user group on Facebook identified as “Employees of” the target company
- Using a false identity, the attacker then proceeds to “friend,” or invite, employees to the fake group, “Employees of the company”
- Users join the group and provide their credentials such as date of birth, educational and employment backgrounds, spouses’ names, etc.
- Using the details of any one of the employees, an attacker can compromise a secured facility to gain access to the building
Attackers create a fake account and scan details on profile pages of various targets on social networking sites such as LinkedIn and Twitter to engage in spear phishing, impersonation, and identity theft.
Social Networking Threats to Corporate Networks
Before sharing data on a social networking site or enhancing their channels, groups, or profiles, private and corporate users should be aware of the following social or technical security risks they could face.
- Data Theft: Social networking sites are huge databases accessed by many people worldwide, increasing the risk of information exploitation.
- Involuntary Data Leakage: In the absence of a strong policy that sets clear lines between personal and corporate content, employees may unknowingly post sensitive data about their company on social networking sites that might help an attacker to launch an attack on the target organization.
- Targeted Attacks: Attackers use the information posted on social networking sites to launch targeted attacks on specific users or companies.
- Network Vulnerability: All social networking sites are subject to flaws and bugs, such as login issues and Java vulnerabilities, which attackers could exploit. This could, in turn, cause vulnerabilities in the organization’s network.
- Spam and Phishing: Employees using work e-mail IDs on social networking sites will most probably receive spam and become targets of phishing attacks, which could compromise the organization’s network.
- Modification of Content: In the absence of proper security measures and efforts to preserve identity, blogs, channels, groups, profiles, and others can be spoofed or hacked.
- Malware Propagation: Social networking sites are ideal platforms for attackers to spread viruses, bots, worms, Trojans, spyware, and other malware.
- Business Reputation: Attackers can falsify information about an organization and/or its employees on social networking sites, resulting in loss of reputation.
- Infrastructure and Maintenance costs: Using social networking sites entails added infrastructure and maintenance resources for organizations to ensure that defensive layers are in place as safeguards.
- Loss of Productivity: Organizations must monitor employees’ network activities to maintain security and ensure that such activities do not misuse system and company resources.
An insider is any employee (trusted person) having access to critical assets of an organization. An insider attack involves using privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems. Insiders can easily bypass security rules, corrupt valuable resources, and access sensitive information. Insider attacks are difficult to detect, and they may cause great loss to the company. About 60% of attacks occur from behind the firewall. It is easier to launch an insider attack, and preventing such attacks is difficult.
Insider attacks are generally performed by:
- Privileged Users: Attacks may come from the most trusted employees of the company, such as managers and system administrators, who have access to the company’s confidential data and therefore a higher probability of misusing it, either intentionally or unintentionally.
- Disgruntled Employees: Attacks may come from unhappy employees or contract workers. Disgruntled employees, who intend to take revenge on their company, first acquire information, and then wait for the right time to compromise the organization’s resources.
- Companies where insider attacks are common include credit card companies, health-care companies, network service providers, as well as financial and exchange service providers.
- Terminated Employees: Some employees take valuable information about the company with them when terminated. These employees access the company’s data even after termination using backdoors, malware, or their old credentials, because those credentials were not disabled.
- Accident-Prone Employees: If an employee accidentally loses a device, sends an email to incorrect recipients, or leaves a system loaded with confidential data logged in, the result is unintentional data disclosure.
- Third Parties: Third parties such as remote employees, partners, dealers, and vendors have access to the company’s information. The security of the systems they use, and the identity of the persons accessing the company’s information through them, is unpredictable.
- Undertrained Staff: A trusted employee becomes an unintentional insider due to lack of cyber security training. He/she fails to adhere to cyber security policies, procedures, guidelines, and best practices.
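The "Terminated Employees" item above turns on credentials that were never disabled. The following is an added example, not part of the original article, of a check that cross-references offboarding records with authentication logs; the log format, account names, and dates are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample data: HR offboarding records (account -> termination time, UTC).
TERMINATED = {
    "jdoe": datetime(2024, 3, 1, 17, 0, tzinfo=timezone.utc),
    "asmith": datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc),
}

# Constructed authentication log lines: "<ISO-8601 UTC time> <account> <source> <result>".
AUTH_LOG = """\
2024-03-01T09:12:44Z jdoe vpn SUCCESS
2024-03-02T23:41:07Z jdoe vpn SUCCESS
2024-03-03T08:00:15Z bwayne sso SUCCESS
2024-03-11T02:15:30Z ASmith mail FAILURE
2024-03-09T10:05:00Z asmith sso SUCCESS
malformed line without enough fields
"""

def parse_line(line):
    """Return (time, account, source, result), or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    # Account names are compared case-insensitively.
    return ts, parts[1].lower(), parts[2], parts[3].upper()

def post_termination_activity(log_text, terminated):
    """Flag every authentication attempt made after the account's termination time.

    SUCCESS means the credential was never disabled; FAILURE still shows that
    someone tried to use it.
    """
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ts, account, source, result = event
        cutoff = terminated.get(account)
        if cutoff is not None and ts > cutoff:
            severity = "still-enabled" if result == "SUCCESS" else "attempted"
            findings.append((account, ts.isoformat(), source, severity))
    return sorted(findings)

if __name__ == "__main__":
    for finding in post_termination_activity(AUTH_LOG, TERMINATED):
        print(finding)
```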
“Don’t use social media to impress people; use it to impact people.”
Reasons for Insider Attacks
- Financial Gain
An insider carries out an attack mainly for financial gain. The insider sells sensitive information of the company to its competitor, steals a colleague’s financial details for personal use, or manipulates the company’s or personnel financial records.
- Steal Confidential Data
A competitor may inflict damage to the target organization, steal critical information, or put them out of business, by just finding a job opening, preparing someone to get through the interview, and having that person hired by the competitor.
It takes only one disgruntled person to take revenge and your company is compromised. Attacks may come from unhappy employees or contract workers with negative opinions about the company.
- Become Future Competitor
Current employees may plan to start their own competing business by using the company’s confidential data. These employees may access and alter the company’s client list.
- Perform Competitor’s Bidding
Due to corporate espionage, even the most honest and trustworthy employees can be forced to reveal the company’s critical information through bribery or blackmail.
- Public Announcement
A disgruntled employee may want to make a political or social statement and leak or damage the company’s confidential data.
Type of Insider Threats
There are four types of insider threats. They are:
- Malicious Insider: Malicious insider threats come from disgruntled or terminated employees who steal data or destroy company networks intentionally by injecting malware into the corporate network.
- Negligent Insider: Insiders who are uneducated on potential security threats, or who simply bypass general security procedures to meet workplace efficiency, are more vulnerable to social engineering attacks. A large number of insider attacks result from employees’ laxity towards security measures, policies, and practices.
- Professional Insider: Professional insiders are the most harmful insiders. They use their technical knowledge to identify weaknesses and vulnerabilities of the company’s network and sell the confidential information to competitors or black market bidders.
- Compromised Insider: An outsider compromises insiders having access to critical assets or computing devices of an organization. This type of threat is more difficult to detect since the outsider masquerades as a genuine insider.
Why is Insider Attack Effective?
An insider attack is effective because of the following reasons:
- Insider attacks can go undetected for years, and remediation is expensive.
- An insider attack is easy to launch.
- Preventing insider attacks is difficult.
- The inside attacker can easily succeed.
- It is very difficult to differentiate harmful actions from an employee’s regular work. It is hard to identify whether employees are performing malicious activities or not.
- Even after the employee’s malicious activities are detected, he/she may deny responsibility by claiming it was an unintentional mistake.
- It is easy for employees to cover their actions by editing or deleting logs to hide their malicious activities.
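The last point, editing or deleting logs, is what a tamper-evident log is designed to expose. The sketch below is an added example, not from the original article: a hash-chained log in which each entry commits to the one before it; the event fields are constructed, and the externally stored head hash is an assumption about the deployment.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed starting value for the chain

# Constructed sample events; field names are hypothetical.
EVENTS = [
    {"user": "jdoe", "action": "login", "host": "fs01"},
    {"user": "jdoe", "action": "copy", "object": "clients.xlsx"},
    {"user": "jdoe", "action": "logout", "host": "fs01"},
]

def _digest(prev_hash, record):
    """Hash the previous link together with a canonical encoding of the record."""
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append(chain, record):
    """Append a record; each entry commits to everything written before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "hash": _digest(prev_hash, record)})
    return chain[-1]["hash"]

def build(events):
    """Build a chain from a list of event records."""
    chain = []
    for event in events:
        append(chain, event)
    return chain

def verify(chain, expected_head=None):
    """Return the index of the first inconsistent entry, or None if intact.

    expected_head is the last hash as stored somewhere the insider cannot
    write (assumed here: a remote collector). Without it, truncating the log
    or rewriting it from scratch goes unnoticed; with it, such a change is
    reported as index len(chain).
    """
    prev_hash = GENESIS
    for index, entry in enumerate(chain):
        if not hmac.compare_digest(entry["hash"], _digest(prev_hash, entry["record"])):
            return index
        prev_hash = entry["hash"]
    if expected_head is not None and not hmac.compare_digest(prev_hash, expected_head):
        return len(chain)
    return None
```

The chain alone only detects edits and deletions made without recomputing later hashes; the head hash kept outside the insider's reach is what catches truncation and a full rewrite.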
Example of Insider Attack: Disgruntled Employee
Most cases of insider abuse can be traced to individuals who are introverted, incapable of managing stress, experiencing conflict with management, frustrated with their job or office politics, lacking in respect or promotion, transferred, demoted, or issued an employment termination notice, among other reasons. Disgruntled employees may pass company secrets and intellectual property to competitors for monetary gain, thus harming the organization.
Disgruntled employees can use steganography programs to hide company secrets and later send the information to competitors as an innocuous-looking message, such as a picture, image, or sound file, using a work email account. No one suspects the employee, because the sensitive information is hidden inside the picture or image.
This Blog Article is posted by
Infosavvy