How to Build Your #SocialMedia #Defense #Armour?
Issam Al-Dalati - Senior IT Security Engineer, M.A.Sc., CISSP
Outline
- Social Media Today
- Social Network Types
- Common Attacks/Threats
- Vulnerabilities
- Counter Measures
- Conclusion
Social Media Today
- Social media is the #1 activity on the Internet.
- 72% of Internet users are now active on social media.
- 22% of the world population has a social online identity presence [1].
1.11 Billion +users
200 Million +users
225 Million +users
Social Media Security
- A recent study by Gartner group found that 60% of social media users haven't changed their default security settings [1].
- 40% of social media users disclosed information about their home address, hometown, birth date and high school, which can be used in identity theft crimes [1].
Social Network Types
- Personal Networks: Friendships, Age, Interests, Educational background, Employment, Private Photos, Private Videos.
- Location Networks: In Real Time
- Content Sharing Networks: Public Music, Public Photos, Public Videos
- Shared Interest Networks: Similar hobbies, educational backgrounds, political affiliations, ethnic backgrounds, religious views
- Status Update Networks: Feelings, Emotions, News, Rumors, Information
Common Social Media Attacks/Threats
Malware Distribution
• Lead to financial fraud
• Abuse of users' systems
• Data leakage
• Best known example: Koobface [2]
  - Originally spread by Facebook “friends” messages
  - To watch “funny video”, you need to install Adobe update.
  - Compromise computers to build P2P botnets
  - Hijack search queries to display advertisements
  - Install additional pay-per-install malware
  - Sells scareware (fake anti-virus)
  - Over $2 million in revenue (June 2009 to June 2010)
  - Shut down by Facebook in Jan. 2012
Cyber Bullying or Harassment
• 13-year-old girl killed herself in 2008 after chatting on MySpace [3]
• 16-year-old boy made degrading remarks
• The “boy” was a fake account set up by the mother of the girl’s ex-friend.
• Most U.S. states have since criminalized cyber harassment, stalking, etc.
Spear Phishing attack
- Selected few targets / single target.
- Identity theft
- Gather intelligence and intellectual property.
- Custom hacking tools
- Zero-day exploits
- Synchronized
- 91% of cyber attacks [4]
1. Created young female Facebook & LinkedIn profile named Emily Williams
2. Posted as a new hire at the targeted organization
3. Became “Friends” with young male employees
4. Observed discussions and gathered stories
5. Started asking innocent questions about more sensitive info
6. Sent malicious holiday e-cards
- Presented at RSA Europe Security Conference in Amsterdam in 2013 [5]
- Penetrated a US government agency in 2012
- First 15 hours:
  - 60 Facebook connections
  - 55 LinkedIn connections
- After 24 hours:
  - 3 job interview offers
- Received a work laptop
- Received network access
- Obtained passwords
- Installed applications
- Stole sensitive documents
[Diagram: Organization ABC with Employee1, Employee2, Employee3]
Social Media Vulnerabilities
Location Tracking:
• Apps transmit the smartphone's location.
• Geo-tagging photos.
How?
- Cell tower identification: ~100 meters
- Global Positioning System (GPS): ~20 meters
- WIFI triangulation: ~200 meters
- IP address approximation: ~metro area
Mental Health:
- Stalkers
- Stress!
- Post/share things to improve your image
- Relationship drama
- Always Plugged-in Addiction (Study by Anxiety UK) [6]
- The more YOU share the more YOU are vulnerable
Communication Patterns Thinking Health Beliefs Group Behaviour Personality
• Voting Trends
• Buying Trends
• Interests & Health Concerns
- In a 2010 study, researchers at Ben-Gurion University described a new, intelligent, stealthy type of attack called Stealing Reality [7].
- It feeds on social communication patterns to predict future natural patterns, achieving its targeted goal slowly and without detection.
- It is based on the user's behavioural life patterns, which rely on the user's existing trusted network and daily behaviours.
Security Starts From Within
[Diagram: Home, Work, City, Nation]
Social Media Counter Measures
Improved Authentication
- More than 2 million social media passwords have been leaked online, according to a report by Trustwave in 2013 [8]
- Don’t stay logged on
- Avoid using personal information
- Different passwords for each account
- One base password and unique pattern
- Write and lock them down
- The longer the better (more than 7 characters)
- Change every few months
- Two factor authentication
Account Border Control
- Don’t accept connections from people you don’t know
- A friend of a friend is NOT a friend
- Categorize your connections
- Limit your circle of trust
- Keep your friends list private
- Block scanning of your email address book
Develop Your Social Data Leakage Prevention Technique
- Exercise discretion about:
  - Photos/Videos shared
  - Opinions on controversial issues
  - Anything involving coworkers, employers, teachers
- Review your posts before submitting
- Review and delete old posts
- Don’t post when you are happy or angry
- Be careful clicking away (Too Good to be True)
Force SSL Any Way Possible
- Use https in URL
- Use tool (Chrome/Firefox)
Disable Location Tracking
- Disable through browsers [9]
- Disable through operating system [9]
- Disable GPS/WIFI
- Disable feature on Apps
Remove Apps/Extension
- Only install ones you can't live without
- Trusted sources
(Firefox/Chrome)
Limit Appearance in Search and Advertisements
- Over 1300 tracking companies run 2800 scripts to deliver advertisements using users' online activity [10]
- Opt out of Ads
- Enhanced Security Settings
- Block banners, pop up and rollover ads. By using
Block and Clear your Cookies
1) First Party Cookies by legitimate websites
2) Third Party Cookies sold and sent to online marketers.
3) Flash Cookies: uses Adobe Flash
Delete cookies manually in all used web browsers [11].
- Clears cookies automatically
- Scans for trackers
- Blocks tracking
- Blocks third party tracking
- Deletes flash cookies
- Firefox extension
Monitor your Social Online Presence
- Use Google Alerts for your name search
- Install ESET social media scanner:
- scans your wall, newsfeed and private messages.
- scans your friends
- ensure you have active antivirus on all devices
- malicious URL detection
- anti-phishing
Secure your Family Social Online Presence
- Review their security settings
- Tools to help monitor social media activity in a home network [12]
Stay Updated!
- http://www.welivesecurity.com/
- http://www.facecrooks.com/
Conclusion
- Future is NOT Friendly. Be Careful!
- Your Social Media Junk Might Be Someone Else’s Treasure
- Strengthen Security from Within
References
[1] http://www.jeffbullas.com/2014/01/17/20-social-media-facts-and-statistics-you-should-know-in-2014/
[2] J. Drömer and D. Kollberg, “The Koobface malware gang – exposed!”, 2012, http://nakedsecurity.sophos.com/koobface/
[3] Wikipedia, https://en.wikipedia.org/wiki/Suicide_of_Megan_Meier
[4] http://www.firmex.com/blog/spear-phishing-whos-getting-caught/
[5] http://www.itworld.com/security/380874/fake-social-media-id-duped-security-aware-it-guys
[6] http://www.huffingtonpost.com/2012/07/10/social-media-anxiety_n_1662224.html
[7] Yaniv Altshuler, Nadav Aharony, Yuval Elovici, Alex Pentland, Manuel Cebrian. Stealing Reality. arXiv, 2010
[8] http://blog.spiderlabs.com/2013/12/look-what-i-found-moar-pony.html?utm_source=dlvr.it&utm_medium=twitter
[9] http://www.reputation.com/reputationwatch/how-disable-internet-tracking-location
[10] http://www.itworld.com/it-management/349218/web-trackers-are-completely-out-control
[11] http://www.pcworld.com/article/242939/how_to_delete_cookies.html
[12] http://facebook-parental-controls-review.toptenreviews.com/
[13] M. Kosinski, D. Stillwell, T. Graepel. Private traits and attributes are predictable from digital records of human behavior. Proceedings of the National Academy of Sciences (PNAS), 2013.
[14] http://psychcentral.com/news/2014/02/14/using-social-media-as-new-tool-to-explain-human-behavior/65880.html
Questions?