Many of us at some point or another have used a social network. They can help us connect and retain relationships with each other no matter where we are in the world, but they can also be a source of harassment, trolling, and an overall negative and stressful digital environment.
For some hackers, these networks have also become core tools in fraudulent and criminal schemes.
On Tuesday, Bromium and Dr. Mike McGuire, senior lecturer in Criminology at the UK’s Surrey University, released a report which explores how threat actors are abusing today’s social media platforms.
The six-month study, called “Social Media Platforms and the Cybercrime Economy” is the second installment of the “Web for Profit” series and suggests that social media networks — including Facebook, Twitter, LinkedIn, and Instagram — have given attackers the means to “amplify, persuade and spread malware more quickly than email or other attack vectors.”
The connections between users who have made social networks popular are the same links which attackers now exploit at will.
It is the trust element which social accounts have — and cold emails do not — which can enable what is known as “chain exploitation;” the abuse of trusted connections to spread tailored attacks across specific platforms.
It is not only phishing messages and the posting of malicious links which are attack vectors for attackers on social networks. Malvertising, plugins, and the sharing of malicious content are also proving popular and contributing to an industry which is earning criminals roughly $3.25 billion per year.
The researchers estimate that up to 40 percent of malware infections on social media originate from malvertising, while at least 30 percent come from plugins and malicious applications.
According to the report, one in five organizations have been exposed to malware distributed via social networking channels, and reports of cybercrime relating to these platforms increased by over 30,000 percent between 2015 and 2017 in the United States alone. It is estimated that up to 1.3 billion social media users may have had their data compromised within the past five years.
Threat actors are also making use of social media networks in the same ways as today’s businesses when it comes to sales, marketing, and recruitment.
The researchers behind the report found that cybercriminals are marketing and touting their wares openly — including the sale of botnet hires and data trades — and are also forging connections for illicit purposes such as money laundering and fraud. The sale of criminal education is rife, too, with tutorials and malware tech support on offer across Twitter and Facebook.
Social networks are also being used for the purposes of criminal recruitment. According to the research, since 2016, there has been a 36 percent increase in the hire of money mules who are often recruited through adverts luring individuals with offers of short-term roles worth a hefty paycheck.
“These platforms have brought money laundering to the kind of individuals not typically associated with this crime — young millennials and generation Z,” says McGuire. “Data from UK banks suggests there might be as many as 8,500 money mule accounts in the UK owned by individuals under the age of 21, and most of this recruitment is conducted via social media.”
CNET: Microsoft says Russian hackers targeted European researchers
Despite the risks, banning the use of social media platforms in the workplace and for the company’s benefit can impact communication channels between consumers and vendors, reduce the range of sales and promotional channels available, and may not match today’s consumer expectations that reputable companies will manage a social media presence.
“Businesses must resist knee-jerk reactions to ban social media use altogether,” says Gregory Webb, CEO of Bromium. “Instead, organizations can reduce the impact of social media-enabled attacks by adopting layered defenses that utilize application isolation and containment. This way, social media pages with embedded but often undetected malicious exploits are isolated within micro separate virtual machines, rendering malware infections harmless. Users can click links and access untrusted social-media sites without risk of infection.”