Social networks to be a growing attack vector in 2021
Threat actors have depended heavily on phishing e-mails as an means to copromise organisations through individual employees. But in 2021, sophisticated adversaries will increasingly target, engage and compromise corporate victims using social networks as an attack vector.
So said McAfee’s chief scientist Raj Samani, noting that the security giant has observed a growing number of sophisticated threat actors using LinkedIn, What’s App, Facebook and Twitter to engage, develop relationships with, and then compromise staff members. Through these users, they compromise the broader organsations that employ them.
According to Samani, bad actors have employed social network platforms in broad scoped schemes to perpetrate relatively low-level criminal scams. However, prominent actors such as APT34, Charming Kitten, Threat Group-2889 and others, have been identified using these platforms for higher-value.
One such incident, Operation North Star, was exposed by McAffee in August last year. The campaign highlighted how lax social media privacy controls, ease of development and use of fake LinkedIn user accounts and job descriptions could be used to lure and attack employees in the defence sector.
Much as individuals and businesses engage potential customers on social platforms by gathering information, tailoring specialised content, and conducting targeted interactions with them, malefactors can target high value employees with a deeper level of engagement in the same way.
Moreover, employees engage with social networks in a manner that encompasses both their private and work lives. While companies have measures in place to secure corporate-issued devices and can restrict the way consumer devices access corporate IT assets, employees' activity on social network isn’t monitored or controlled in the same way.
Samani says while it is unlikely that e-mail will be replaced as an attack vector, McAfee foresees this social network platform vector becoming more common in 2021 and beyond, particularly among the most advanced actors.