In recent years, social media has become a hotbed for cybercriminal activity. Attackers are drawn to these channels because they make finding and engaging targets trivial, are easy and cost-effective to use, make it simple to create fraudulent accounts, and allow malicious content to spread at unprecedented scale and efficiency.
From the recent Vevo breach stemming from a LinkedIn phishing attack to Russian operatives using Twitter to spearphish and distribute malware to the United States Department of Defense, advanced, large-scale cybercrime on social media has become mainstream. In light of National Cybersecurity Awareness Month, the ZeroFOX team compiled a list of the ten worst social media attacks of all time to demonstrate the growing need for safeguarding these platforms. In no specific order:
Fake Social Media Persona Sends Malware to Employees Via Social Media
Tactic: Targeted Phishing/Malware, Fraudulent Accounts
Summary: Attackers created an incredibly compelling fake persona, a London-based photographer named Mia Ash, and connected with corporate employees. The attacker disseminated a Remote Access Trojan (RAT), called PupyRAT, via these social media honeypot accounts to hijack the controls of victims’ devices. The persona had accounts across several popular social networks.
3rd-Party App Leads to Hundreds of High-Profile Account Compromises
Tactic: Account Takeover
Summary: A vulnerability in a 3rd-party app called TwitterCounter allowed Turkish-language attackers to hijack controls of hundreds of high-profile accounts. They posted aggressive messages against the Netherlands after a contentious week of deteriorating relations between the Netherlands and Turkey and pivotal elections in both countries. The posts used swastikas and called the Dutch “nazis.” The breached accounts included a number of global brands and well-followed, verified accounts, including Forbes, the official Bitcoin Blockchain account, Starbucks, the European Parliament, UNICEF, Nike and Amnesty International.
HAMMERTOSS Malware Uses Social Media for Command & Control
Tactic: Malware/Data Exfiltration
Summary: The HAMMERTOSS malware automatically searches social networks for commands posted by attacker profiles, allowing cybercriminals to control the malware via social media posts. The attacker group behind this malware is also responsible for attacks against the White House, the Joint Chiefs of Staff, the State Department and other nation-state governments, such as Norway. This novel approach to weaponizing social media shows the need to analyze social media as a full lifecycle attack vector.
Financial Crime Runs Rampant on Social Networks
Tactic: Fraud & Scams
Summary: ZeroFOX researchers revealed the vast underground world of financial crime on social media, in which scammers prey on the followers of verified banks with fraudulent financial services offerings, including card cracking and money flipping. The scale of the problem is massive, with nearly a quarter-million posts for a single type of scam on a single social network. The problem was found on every major social media channel and results in hundreds of millions of dollars in losses annually.
LinkedIn Hacked, Exposing 117 Million Credentials
Tactic: Data Breach, Account Takeover
Summary: The networks themselves get breached as well. The 2016 LinkedIn data dump was the 7th largest in history by sheer number of compromised credentials, according to HaveIBeenPwned.com. The breach, which originally occurred in 2012, eventually resulted in 117 million exposed email and password combinations, which were then sold on the dark web.