Network Security, Threat Management

Study: Malicious social media attacks on the upswing

Social media represents the next frontier of threats for IT security professionals and the companies they protect, according to a new study that details Fortune 100 companies and their social media channels.

“The State of Social Media Infrastructure: The Security Threats to the Social Infrastructure of Fortune 100” found that unauthorized social media accounts, content threats and account hijackings are three primary issues plaguing companies. For instance, an average of 40 percent of Facebook accounts claiming to represent a Fortune 100 brand are unauthorized, and 20 percent of Twitter accounts are also unauthorized.

Although this stat might seem irrelevant to some IT security professionals, Devin Redmond, vice president and general manager of Nexgate for Proofpoint, believes this coming year will require IT security staff and general social media managers to unite against malicious social media actors.

“Social media happened very quickly,” he said. “They (social media managers) aren't typically trained IT security experts. They haven't really caught up with what's happening on that front. It's become such a primary channel that it's time for those two groups to collaborate more.”

Threats that are commonly seen in phishing emails, including spam and malicious links, can surface on social media channels, as well. Without IT security training, social media managers might not be savvy to the threats' implications and possible effects, said Redmond.

Since mid-2013, social spam has grown by 658 percent, the study found, and 99 percent of malicious URLs posted on social media channels led to malware or phishing attacks. Often times these malicious activities aren't contained to social media. Where there's one attack, there will be more, said Redmond.

“Look at the trend in the security overall, none of these things live in a bubble,” he said.  “One of the components is that people at those organizations can accidentally grant access to internal resources (through a social media-targeted attack).”

As opposed to a phishing email, attackers can reach a wider and larger audience with social media. Plus, traditionally, social media has no filters to protect against malicious material. A human is often tasked with protecting the channels.

“Security professionals are paying attention,” Redmond said. “And this year, we've seen a lot more of the learning process and cross pollinating with people dealing with social, so they can work on strategies.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.