Understanding risk: Is social media doing more harm than good?
Online conversations, powered largely by social media platforms but also taking place in dark corners of the web, are increasingly risky not only for the reputation of a business but for its very livelihood. This growing area of risk must be adequately considered and catered for, with tooling and systems put in place to mitigate fallout and stop damaging discussions going too far.
The unprecedented impact of social media
In today’s world, social media has become woven into the fabric of our daily lives, used to communicate, engage with content, and influence opinion. However, what began as a light-hearted way for people to share with others now has the potential to boost or destroy a business or brand in rapid time.
With the ability to amplify messages instantly and magnify their reach across millions of users, social media possesses a great ability to influence public opinion, brand perception, and overall business success. In today’s day and age, reputations can be made or broken with a single viral post or inaccurate reporting. And it’s not just social media, with discussions on the dark or deep web also having damaging impacts far and wide.
When seemingly innocuous actions or comments snowball they can lead to financial losses, legal entanglements, or even a business having to close its doors. Increasingly, business leaders at organisations of all sizes and industries are grappling with the complexities of the online landscape, as they look to safeguard their reputation and operations.
When the impossible becomes reality
The recent Silicon Valley Bank (SVB) story that made global headlines is a real-life example of the worst case scenario of this issue playing out.
SVB was the largest United States bank to fail since Washington Mutual closed its doors in 2008, and the story is particularly noteworthy due to the role social media played in its downfall. The Santa Clara bank was shut down in March of this year by the California Department of Financial Protection and Innovation, after the company’s investments decreased in value massively and quickly.
With reported assets of $209 billion in December 2022, the bank had grown significantly between 2019 and 2022, but this wasn’t enough to offset mismanagement of investments and growing vulnerabilities. While various factors were at play in the demise of the bank, arguably the final straw was when many people withdrew large amounts of money in the span of a few hours, driven by social media discussions.
At the beginning of March, social media accounts began reporting on SVB’s financial health, prompting customers to pull $1 million per second from their accounts, as reported by Reuters. Overall, depositors withdrew $42 billion from the bank in 10 hours, leading to SVB CEO Greg Becker later blaming social media as a top factor in the bank’s downfall.
Responding to risk before it’s too late
While this is an extreme example, the principle of the SVB story must be considered and acted upon. Businesses from all industries, not just finance, need to pay attention to their social media presence and the impact it may have, and take a proactive approach to risks.
In order to catch negative discussions or commentary before they go too far, powerful tooling and human resources are an imperative investment. As the SVB story shows us, failure to put preventative and response strategies in place can leave businesses open to more than reputational damage.
The world of social media is ever-evolving, and with it the risks businesses face. By understanding the impact of social media on business risk, we can unlock the potential for growth and success, while safeguarding against the perils that lurk in the virtual world.
Preparedness is Key to Mitigating Severe Weather Risks
Using open-source intelligence, Signal provides advance warning and accurate real-time data about severe weather threats relevant to your people, buildings, supply chain, and other assets.
Severe weather and natural disasters, such as tropical storms, wildfires, tornadoes, earthquakes, floods, tsunamis, and hurricanes, put people and organizations across the globe at risk every year. The level of preparedness and response to these severe weather events can often mean the difference between life and death. In addition, organizations that prepare and respond quickly to weather disasters can prevent loss of revenue and other costs by maintaining continuity of operations.
Advance warning and accurate real-time data about severe weather and natural disaster threats is a critical part of your risk profile. Signal has advanced tools to enable you to stay alerted as quickly and as early as possible to severe weather threats relevant to your people, buildings, supply chain, and other assets.
Brand reputation is also at stake during a weather emergency. Handled efficiently, it’s an opportunity for organizations to shine and prove their resilience. Handled poorly, the public is unlikely to forgive or forget the organization’s response or lack of response. Clear guidelines and properly gradated alert levels allow you to respond effectively and efficiently every time—no matter what weather emergency comes your way.
Get Notified Early About Severe Weather Threats
Every second counts when dealing with emerging severe weather risks. As our collective ability to track and predict many severe weather events improves each year thanks to artificial intelligence, the data comes faster, earlier, and in greater quantity. Only when this data is mined accurately and for relevance do you gain more opportunities to increase preparedness and speed of response. Otherwise, the overload of information only causes noise.
Signal uses open-source intelligence to monitor what’s important to you 24/7. Customize searches and get notified via SMS and email when vital severe weather information is detected that’s relevant to your organization. Leverage advanced customizable filters to reduce irrelevant noise so that you can focus on the threats that matter to you. Quickly search for real time updates on developing situations or set up complex boolean searches to monitor severe weather incidents, and actively drive prevention. The alternative is to waste an enormous amount of time and money randomly browsing the web and other sources for weather information—usually too late. Such a haphazard approach causes big gaps in risk awareness.
Verify Information to Make Confident Decisions & Act Quickly
Misinformation can cause panic during a severe weather emergency. It can spread rapidly through social media and even through more trustworthy news sources during emergencies. Social media posts provide updates to the public which are often helpful; however, citizen-sourced information can also lead to the spreading of falsehoods. It’s important to keep your team ahead of the news, including fake news and even scammers trying to capitalize on the disaster. To tackle this, the first thing any organisation needs is accurate, relevant, vetted, trustworthy information.
Signal enables organizations to monitor and manage large amounts of data from a plethora of different data sources across the surface, deep, and dark web. This, paired with advanced filters and boolean logic means that security teams are empowered to identify disinformation, discover patterns, and practically respond to these potential and evolving threats during a severe weather emergency.
Maintain heightened situational awareness before, during, and after the event.
Increase situational awareness by corroborating and contextualizing severe weather data. Monitor supplier production facilities and transport routes, and continually assess and reassess the evolving threat landscape and update your alert level guidance accordingly.
Customer Example
During a recent tornado, one customer used Signal to help safeguard a manufacturing facility in the U.S. when a tornado landed near the town where most of their employees were based. Luckily, there were no casualties. The customer used Signal to gain intelligence about:
The scale of the tornado
The impact it was going to have on their employees
The impact it might have on their overall operation
This intelligence was extremely useful to the organization in recognizing threats and being proactive. The intelligence helped them to:
Protect lives (people)
Protect assets (facilities)
Maintain business continuity (resilience)
Protect reputation (brand)
Leveraging Telegram as a Data Source for Open Source Intelligence
Conversations on public Telegram groups can offer valuable insights into ongoing and potential criminal activity, making it a valuable data source for security professionals.
People are increasingly aware of how their data is accessed and used, whether this is the security of their private conversations, their online browsing history, or even Personally Identifiable Information (PII). With this growing awareness of data privacy, chat applications have had to promise better encryption and anonymity if they are to compete.
As such, over the last few years new chat apps with a primary USP of better privacy have hit the market. This includes the likes of Telegram and Discord. The anonymity and data security offered by these apps have quickly made them popular with both legitimate users and criminals. On Telegram, you don’t have to look too hard to uncover conversations around the sale of illicit goods, examples of extremist views and hate speech, the trading of PII, and more. It’s also worth noting that many marketplaces and forums on the dark web also have chat groups on Telegram.
Many of the groups and channels on apps like Telegram are open to the public, allowing users to easily reach a large potential market relatively risk-free. Not all groups are open to the public, though, making it substantially harder for security professionals and law enforcement to monitor these channels successfully.
However, with a tool like Signal, you can view and monitor data from many of these closed communities and hard to access groups easily and efficiently.
About Telegram
Telegram is a messaging app that was launched in 2013. It focuses on supplying a fast, free and above all, secure messaging service. The chat app has end-to-end encryption and several other features which add to its perceived security. These features include “secret chats” which store data locally, a timer on messages to self-destruct after a specified time, notifications of screenshots, and a block on forwarding messages from secret chats. Their main USP is to provide a service where data is protected from third parties, including any curious government or security agencies.
Unlike other chat apps, Telegram promotes itself as providing its users with full anonymity, including the ability to set up a unique username and make your phone number private. It’s because of these security features as well as the offered anonymity that the application quickly became a popular choice for criminal communications.
How Can You Leverage Data from Telegram for OSINT?
There are various channels and groups on the Telegram app in which illicit and criminal activity is discussed or undertaken. This ranges from the sale of illegal goods, stolen data, to planning physical attacks on an organization or individual.
For example, in the Telegram group “Carders”, which has over 5,000 members, you can find stolen credit card details including full numbers and CVV codes. This chat group is linked to an online shop getbette.biz (which was taken down in early 2020). Most of the conversations in this group revolve around some form of financial fraud, whether that’s leaked card details or the sale of PII.
On other Telegram groups, you can find details for hacked personal accounts like Netflix, Disney Plus, Amazon Prime etc. These logins might be sold for a variety of reasons, such as credential stuffing, or for personal use.
It’s not just dealing in illegally obtained data though. Telegram is used for a broad variety of purposes. A particularly popular one is the sale of drugs. Narcotic Express DE is one such group. With close to 1,000 members, this German group is a closed group which focuses on the purchasing, sale and distribution of drugs.
Closed groups cannot be found in a search within the app or in the dedicated Telegram search engine. Instead, you have to be invited and sent a link by another user in the group. In addition, users can only see posts, not post themselves into the group.
Other examples of leveraging Telegram as a data source include monitoring for:
Hate speech and death threats,
Hacking services for sale,
Exploit kits,
Data breaches,
Hate groups.
Using Telegram as an OSINT Source
As outlined above, there are plenty of conversations of interest that happen through the Telegram app and its various groups. These groups can offer insight into criminal activity and better enable organizations to protect their assets and staff from emerging threats. For example, you might find information on a recent data breach through the app. Having this early knowledge of the breach is essential for mitigating costs.
However, as with any potential data source, it’s not a case of simply downloading the app. Efficiently scanning and monitoring the platform for potentially relevant information or information of interest requires the right tools.
First, groups like Narcotic Express DE are closed groups, meaning locating and gaining access to them is a challenge in itself. Secondly, with features such as message self-destruct, constant surveillance is necessary. These challenges mean time and resources need to be devoted to this specific channel, time and resources that might be better spent elsewhere.
Using an OSINT tool gives users the ability to access and utilize hard to reach data sources like Telegram. Data from Telegram is gathered by our data provider Webhose, who scrape the publicly available data from both open and harder to access closed groups continuously. Signal users can set up searches with Boolean logic, selecting Telegram as one of the data source options available.
Why you Need to Upgrade your Social Media Security
We take a look at why and how attackers target social accounts as well as reviewing some of the current best practices for mitigating the risks.
For organizations, social media is vital for the success of their business. It forms a central part of their efforts to build brand awareness, establish their community, do market research and gather intelligence. However, because of the frequency with which it’s used and the importance of the role it plays, social media cybersecurity threats can have a very tangible impact on an organization through reputational damage, data breaches, or worse.
In a recent survey by Statista, it was revealed that 22% of internet users said that their online accounts have been hacked at least once, while 14% reported they were hacked more than once. Due to the constantly changing nature of technology and trends, it’s difficult to pin down a defined set of best practices.
In this article, we take a look at why and how attackers target social accounts as well as reviewing some of the current best practices for mitigating the risks.
Why Do Hackers Target Social Media Accounts?
A successful account takeover can enable threat actors to achieve a variety of malicious objectives, from the distribution of malware to the spreading of misinformation. Some of the most common uses for a compromised account are as follows:
Continuing the Attack: Generally speaking, most people are wary of random messages from strangers. However, if you can gain access to someone’s account and launch your phishing campaign against their contacts you can leverage the trust already established as a personal contact to dramatically improve the success rate of the phishing campaign. In the case of an organization’s account, these attacks are particularly harmful as they can target thousands or even millions of followers and can come with serious associated reputational damage.
Gathering Intelligence: The actual account takeover might not be the endgame of the attack. Instead, by taking over an account, attackers gain access to intelligence, from an individual's messaging history to extensive personal details on an individual and their contacts.
Reputational Damage: We’ve already mentioned the potential for reputation damage as a by-product. However, there is a chance that reputation damage is the entire objective of the attack. Attackers might have a grudge against an organization or person, for example. Once they have access to the account they could do a range of things, such as posting racist slurs from the account or directly targeting followers through the account.
Credential Stuffing: Many people use the same login credentials across websites. Once attackers have successfully compromised an account, they then attempt logins at other popular websites using the same credentials to see what else they can gain access to. Often the objective is a financial reward.
Blackmail: If embarrassing or damaging information is surfaced through the account attack then hackers are unlikely to miss the opportunity to blackmail the individual or organization to further their other objectives.
4 Examples of Successful Social Media Attacks
LinkedIn Hacked, Exposing 117 Million Credentials
When: May 2016
Tactic: Data Breach, Account Takeover
The 2016 LinkedIn data breach exposed 117 million records of its users including email and password combinations. These were sold on the dark web and allowed hackers to gain access to and control thousands of accounts as well as use the data for credential stuffing.
Vevo Hacked Via LinkedIn Phishing
When: September 2017
Tactic: Targeted Phishing & Malware
In 2017 the streaming service Vevo suffered a breach when one of its employees was phished via LinkedIn. Through this attack, hackers obtained and publicly released over 3TB worth of the company’s sensitive internal data.
HAMMERTOSS Malware
When: July 2015
Tactic: Malware/Data Exfiltration
HAMMERTOSS is malware that was created to automatically search and extract data from social networks and was controlled by commands posted by attacker profiles. This novel approach to weaponizing social media shows the need to analyze social media as part of the full lifecycle of a cyber attack.
Twitter Bitcoin Scam
When: July 2020
Tactic: Account Takeover
Through a series of targeted phishing campaigns, hackers were able to get access to internal systems and tools at Twitter. They used this access to take control of numerous high profile accounts, including verified accounts such as Kanye West, Barack Obama, Apple, and Joe Biden. The attackers used the platform to Tweet a message requesting Bitcoin be sent to a specific wallet number with a promise they’d return it doubled. In the short time the message was up the attackers collected over $100,000.
6 Quick Tips to Improve your Organization’s Social Media Cybersecurity
1. Employ strong unique passwords.
Avoid the risks of credential stuffing by ensuring that all accounts are locked with strong unique passwords.
2. Keep personal and business accounts separate.
Linking personal and business accounts just makes it easier for hackers to gain access to both. So, when possible, keep a separate and distinct login and password for each.
3. Restrict access and permissions.
Not everyone needs to have the ability to login to the organization’s social media accounts. Not everyone needs to be able to post, share or send messages through it. Additionally, when an employee leaves make sure to revoke their access to all social media accounts.
4. Be mindful about what you share.
Even harmless posts might unwittingly share sensitive data that could be used by attackers. For example, you might share an employee update, maybe congratulating an employee for having a child, information which could be used in a targeted spear-phishing campaign.
5. Protect the physical access points.
Make sure devices are password-protected, don’t leave USB devices lying around, ensure that wi-fi networks are private and secure. These physical security threats are particularly prevalent currently with many employees working from home.
6. Be wary of third-party apps.
Third-party apps like scheduling software are invaluable, allowing you to save a huge amount of time. However, they also provide an additional way for attackers to gain access to your social media accounts.
The Role of OSINT in Securing Social Media Platforms
By monitoring social networks for mentions of your brand and keywords, you’ll know right away when suspicious conversations about your brand emerge. For example, people might be sharing fake coupons or offers, or an imposter account starts tweeting in your name. Using OSINT you can monitor all the relevant activity online regarding your business and quickly identify fraud allowing you to respond to it in a timely fashion.
Additionally, you can use OSINT tools like Signal to monitor not only your social media channels for things like imposters but also for physical threats against employees or branch locations.
OSINT is vital in identifying when one of the above-mentioned risks of social media stops being just a threat and becomes a reality. Being amongst the first to know when something like this happens allows you to respond quickly and effectively.
6 Common Social Engineering Tactics and How to Prevent Them
In this article, we take a look at some of the more common forms and tactics of social engineering as well as exploring just how an organization can protect itself from such an attack.
Social engineering is an attempt by attackers to fool or manipulate others into surrendering access details, credentials, banking information, or other sensitive data. Once access is gained, the goal is generally financial gain.
Recently, for example, Twitter was subject to a high profile social engineering attack. Attackers manipulated several Twitter employees to gain access to the platform’s admin accounts. Once they got access they used the admin privileges to post a tweet saying “All Bitcoin sent to our address below will be sent back to you doubled!” They posted on a number of celebrity and company profiles including Apple, Bill Gates, Elon Musk and Joe Biden.
Twitter shut the attack down quickly but not before the attackers got away with an estimated $120,000 USD worth of Bitcoin.
Social engineering is a creative strategy for attackers to exploit human emotion and ego, generally for a financial reward. It often forms part of other strategies as well such as ransomware.
What are the stages of a social engineering attack?
In general, social engineering attacks are implemented in three stages.
Research. Attackers perform research to identify potential targets as well as to determine what strategies might work best against these particular targets. Attackers will likely collect data off company websites, LinkedIn and other social media profiles and potentially even in-person.
Planning. Once the attackers know who they will be targeting and have an idea of the targets’ potential weaknesses, they have to put together a strategy that is likely to work. The attacker needs to design the strategy and specific messages they will use to exploit the target’s individual weaknesses. Sometimes discussions surrounding plans can be found on darknet forums.
Implementation. The first stage of execution of their prepared strategy is often sending messages through email, social media messaging or some other messaging platform. Depending on their approach the entire process could be automated, targeting a broad number of individuals, or it might be more personal with the attacker interacting personally with their victim. Generally, they are aiming to gain access to private accounts, uncover banking or credit card details, or to install malware.
6 of the Most Common Social Engineering Attack Strategies
1. Phishing and Spear Phishing.
Phishing messages are designed to get a victim’s attention with an alarming or curious message. They work on emotional triggers and often masquerade as well known brands making it seem like the messages come from a legitimate source.
Most phishing messages have a sense of urgency about them, causing the victim to believe that something negative will happen if they don’t surrender their details. For example, the attacker might pose as a banking institution and send what looks like a fraud notice asking the victim to log into their account immediately, when the email actually links to a fake login page.
Spear phishing is similar but with a more targeted individualistic approach.
2. Baiting.
A baiting attack generally pretends to offer something that the victim would find useful, for example, a software update. However, instead of a useful update or new software, it is, in fact, a malicious file or malware.
3. Scareware.
Playing on the target’s fear, this approach seeks to persuade the target that there is already malware installed on their computer, or perhaps that the attacker already has access to their email address. This attack will then persuade the target to pay a fee to remove the malware.
4. Pretexting.
In a pretexting attack, the attacker creates a fake identity and uses it to manipulate their victims into providing private information. For example, the attacker might pretend to be part of a third-party IT service provider. They would then ask for the user’s account details and password in order to assist them with a problem.
5. Quid Pro Quo.
Similar to baiting, a quid pro quo attack promises to perform an action which will benefit the target. For example, an attacker might call an individual in a company who has a technical support inquiry and then pretend to help them. However, instead of actually helping them, they get the individual to compromise the security of their own device.
6. Tailgating.
Tailgating is a physical type of social engineering. It enables criminals to gain physical access to a building or secure area. An example of how this might work would be the criminal following behind someone authorized to access an area and, assuming an air of innocence, asking the person ahead to simply hold the door for them.
How to Prevent Social Engineering
One of the key reasons social engineering is so difficult to protect against is because of the variety of ways it can be implemented. Attackers can be incredibly creative and this can make it very hard to spot a social engineering attack. Additionally, security professionals have to contend with skilful manipulation of the human ego.
Social engineering attacks exploit human behaviour. They target people’s fears or concerns, often with messaging that centres around urgency, attempting to encourage victims to take action immediately before they figure out they are part of a social engineering attack. Key to prevention, then, is remaining suspicious of emails, voicemails, or instant messages through platforms such as Facebook.
Additionally, security teams need to stay ahead of the attackers. They need to be aware of each variation of a particular social engineering attack. Using OSINT tools, for example, they can learn about current messaging and strategies being implemented as well as potential exploits, allowing them to take actions to mitigate evolving and emerging threats.
Increased awareness and vigilance though is only the first step. These attacks are common because they are effective, and they are effective because they take advantage of inherently human traits. Changing this human behaviour though doesn’t happen overnight. An internal education strategy needs to be put in place to regularly inform and teach employees about current social engineering strategies in an effort to reduce the potential for any employee to fall prey to one. In these ways, security professionals can mitigate the potential risks that surround social engineering attacks.
How to Secure your Organization’s Social Media with OSINT Tools
We explore the risks around social media security and how organizations can utilise Open Source Intelligence (OSINT) to predict and mitigate these threats.
Social media is a powerful tool that allows organizations to reach new audiences, communicate and engage with customers, build brand loyalty, share promotions and ultimately achieve new growth. However, because of the very public nature of it, social media opens up new opportunities for cyber criminals to target an organization.
Companies which don’t take the proper precautions in securing their social media channels could find themselves reeling from unexpected attacks. These attacks could use a wide variety of threat vectors, from employees to malware, and could evolve into serious and costly threats.
In this article, we explore some of the commonly exploited risks that are associated with corporate social media use as well as what a company can do to best mitigate these risks and how Open Source Intelligence (OSINT) can play an important role in preventing and protecting an organization.
The risks of social media for corporate security
Phishing and Scams
Phishing is a predominant attack strategy by cybercriminals with an estimated 90% of incidents and breaches including a phishing element.
Phishing is defined as social engineering using digital methods for malicious purposes. Generally, the goal is to get the victim to hand over private information such as passwords, banking or credit card information.
In the case of social media, there are numerous forms that phishing can take. For example:
Impersonation
Propagating attacks
Data dumps
Romance scams
Intelligence gathering (for account takeover and spear phishing)
Social media platforms still offer only minimal controls to prevent the further propagation of account takeovers. Additionally, because social accounts typically need to be approved prior to connecting with people, account takeovers allow hackers to utilise trust associated with that account. This is why it’s important for organizations to understand and prepare responses to these evolving threats.
Human Error
One of the key security weaknesses that many organizations face is human error. Everyone makes mistakes and in today’s digital world it is all too easy for cybercriminals to take advantage of these mistakes. In fact, according to the EY Global Information Security Survey, employee weakness was responsible for 20% of all cyber attacks. Something as simple as clicking the wrong link or downloading the wrong file could cause havoc with a company's security systems.
When it comes to social media, one attack vector that many users don’t realize cybercriminals utilise is online challenges and quizzes. These quizzes often ask for personal information, or obtain it by way of an answer, and that information is then used to hack passwords.
For example, the answers to a social quiz might require you to give up letters from your mother's maiden name, your date of birth, or your first pet's name. This information combined with the details publicly available on your social media profiles could very easily offer up common password and security question combinations.
Third-party Apps
Even if your company's social media accounts are locked down tight, hackers may be able to gain access to an otherwise secure social media account through vulnerabilities in connected third-party apps.
Imposter Accounts
A cyberattack doesn’t always take the form of a hack. Instead, it is fairly easy for an imposter to create a social media account that looks like it belongs to your organization. This is one reason having a verified account is so valuable.
LinkedIn’s latest transparency report notes that they took action on 21.6 million fake accounts in just six months.
Facebook estimates that about 5% of monthly active user accounts are fake.
Impostor accounts can target your customers with fake deals, disinformation, or nefarious links. When a customer is tricked like this, not only does your brand suffer but often the organization is held responsible.
One recent example found on Twitter was a fake account fraudulently collecting money on behalf of President Trump’s 2020 reelection campaign. The account “@realDonaldTrump_” is set up as an almost exact replica of the real Trump’s account with only an underscore at the end of the handle to indicate it is not the real account. And of course, it lacks that tell-tale blue verification tick.
An example of an imposter account being used to fraudulently collect money.
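The check below is an added example, not code from the original article or from any vendor it mentions. It flags handles that differ from an official handle only by separators, look-alike characters or small edits, which is the pattern in the "@realDonaldTrump_" case above. "@AcmeBank", the other sample handles and the thresholds are hypothetical assumptions.

```python
import unicodedata

# Constructed, non-exhaustive look-alike map, applied after case folding.
# "i" -> "l" catches a capital I standing in for a lowercase l.
CONFUSABLES = str.maketrans(
    {"0": "o", "1": "l", "i": "l", "3": "e", "4": "a", "5": "s", "7": "t"}
)
RANK = {"unrelated": 0, "contains-brand": 1, "near-match": 2, "lookalike": 3}


def skeleton(handle):
    """Strip '@', accents, case, look-alike characters and separators."""
    text = unicodedata.normalize("NFKD", handle.lstrip("@"))
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.casefold().translate(CONFUSABLES)
    return "".join(c for c in text if c.isalnum())


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, official_handles):
    """Return (verdict, official handle it resembles) for one observed handle."""
    cand_exact = candidate.lstrip("@").casefold()
    cand = skeleton(candidate)
    best = ("unrelated", None)
    for official in official_handles:
        # Assumption: handles are unique and case-insensitive on the platform,
        # so an exact match is the official account itself.
        if cand_exact == official.lstrip("@").casefold():
            return ("official", official)
        off = skeleton(official)
        if not cand or not off:
            continue
        if cand == off:
            verdict = "lookalike"        # differs only by decoration, e.g. "_"
        elif edit_distance(cand, off) <= (1 if len(off) < 8 else 2):
            verdict = "near-match"       # typo-style variant
        elif len(off) >= 4 and off in cand:
            verdict = "contains-brand"   # e.g. "<brand>_support"
        else:
            verdict = "unrelated"
        if RANK[verdict] > RANK[best[0]]:
            best = (verdict, official)
    return best


def triage(seen_handles, official_handles):
    """Handles worth a human review, strongest resemblance first."""
    hits = []
    for handle in seen_handles:
        verdict, official = classify(handle, official_handles)
        if verdict not in ("official", "unrelated"):
            hits.append((handle, verdict, official))
    return sorted(hits, key=lambda hit: -RANK[hit[1]])


# Constructed sample data. Only "@realDonaldTrump_" comes from this page.
OFFICIAL = ["@realDonaldTrump", "@AcmeBank"]
SEEN = [
    "@realDonaldTrump_",
    "@REALDONALDTRUMP",
    "@Acme_B4nk",
    "@Acrne_Bank",
    "@AcmeBank_Support",
    "@gardening_tips",
]

if __name__ == "__main__":
    for handle, verdict, official in triage(SEEN, OFFICIAL):
        print(f"{handle:20} {verdict:15} resembles {official}")
```

A "contains-brand" hit is only a prompt for review, since legitimate regional or support accounts follow the same naming pattern.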
Unsecured Mobile Phones
More than 50% of the time spent online is done through mobile phones. Using social media apps allows us to access and engage on social channels with just a single tap. This is great, as long as you are the one in possession of your phone. However, this ease also creates a security risk.
Should your phone be stolen and accessed, all it takes is one tap for the thief to access your social accounts. They can then message all your connections with phishing or malware attacks, or spread disinformation using your accounts.
And, worryingly, more than half of people leave their phones unlocked.
Malware and Hacks
By its very nature, social media is about social interaction. For personal accounts, this means interacting with friends or acquaintances online in some form or another. For organizations it means interacting with customers, for celebrities or influencers it means interacting with fans.
This is actually a barrier for many cybercriminals. People are generally distrustful of communications where they have no prior experience with the person or people behind them.
Generally speaking, strangers on the internet are still strangers and it takes a while to build an audience and gain their trust. For a cybercriminal to utilize social platforms then, they often have to go through a rather troublesome and lengthy process of building this trust. And while there are certainly numerous ways for a cybercriminal to sidestep these issues, if their end goal is to get people to click links or share information then their success rate will obviously be much higher should they originally share from a trusted account.
5 actions to secure your company’s social media presence
The best policies for social media security operate around prevention. By implementing a few basic social media security protocols organizations can massively reduce the potential threats that social media might otherwise present.
Have a clear social media policy
A clear and properly implemented social media policy is the first place to start. This will allow you to not only protect against security threats but also help prevent bad PR or legal trouble that might ensue should your social media be compromised.
Your social media policy should include the following things:
Outline of your brand guidelines that explain how people are allowed to talk about the company on social media.
A list of social media activities to avoid, such as the quizzes that we mentioned earlier.
Guidelines related to copyright and confidentiality.
A guide on the best practices for password management to avoid threats like credential stuffing.
The expectation that employees will keep all their devices updated with the latest software.
Examples of scams and attacks and educational material on how staff can avoid these and other key security threats.
Information on who to notify and how to respond should an employee notice a security concern.
Train staff on best security practices
Building on from the previous point, because human errors are such a prevalent factor in hacks and other cyber attacks it is incredibly important to properly and routinely train staff in proper cybersecurity measures. Even the best social media policy won’t protect an organization should the staff not know how to properly follow or implement it.
Training employees routinely will also give them the opportunity to ask questions, engage and get a sense of the importance of the issue. Additionally, because cybercriminals are constantly evolving their strategies, training is an opportunity to update staff on new threats or examples of current scams.
As an added bonus, social media training also equips your team to use social tools effectively. When employees understand best practices, they feel confident using social media for their work. They’re then well-equipped to use social media for both personal and professional purposes and ultimately your company will see better results.
Limit access and permissions
One of the best ways to keep social accounts secure is to strictly control who has access and the exact permissions they have. Not everyone needs the ability to post, and not everyone needs the ability to see the stats. And should an individual leave (especially if they leave under a dark cloud), it is important to be able to revoke their access, and to remember to do so, so that they can’t use the social accounts to cause harm to the company.
Have a designated person in charge
This isn’t just a security concern. Having a designated person in charge of and responsible for the running of your social channels will, first of all, ensure consistency. It will also ensure that someone is constantly on top of, and routinely checking, social media security, which will go a long way to mitigating any risks.
This person will likely be a senior person on your marketing team. They should maintain a good relationship with your company’s IT department to ensure marketing and IT work together.
Social media monitoring for threat detection
As we have mentioned several times already, security threats, especially those around social media accounts, are constantly evolving as cybercriminals implement new and innovative methods of attack. Using OSINT, you can closely monitor not only your own social media accounts but the entirety of the web. This will allow your security team to catch risks as they appear and neutralize potential threats early.
For example, careful monitoring of social channels will allow you to discover imposter accounts and get them shut down quickly before they can do real damage. It will allow you to spot inappropriate use of your brand by employees or others associated with your company such as a new partner.
The role of OSINT for social media monitoring and corporate security
By monitoring social networks for mentions of your brand and keywords, you’ll know right away when suspicious conversations about your brand emerge. For example, people might be sharing fake coupons or offers, or an imposter account starts tweeting in your name. Using OSINT you can monitor all the relevant activity online regarding your business and quickly identify fraud allowing you to respond to it in a timely fashion.
Additionally, you can use OSINT tools like Signal to monitor not only your social media channels for things like imposters but also for physical threats against employees or branch locations. Moreover, you could monitor for negative emotional sentiment concerning an event you're hosting and identify people who may decide to turn those threats into action.
Finally, OSINT is vital in identifying when one of the above-mentioned risks of social media becomes more than just a threat, when it becomes a reality. Being amongst the first to know when something like this happens allows you to respond quickly and effectively.
Conclusion
Social media security threats are constantly changing. Hackers are always coming up with new strategies, and new scams and viruses can emerge at any time. Researchers are now anticipating that advanced attacks against social media networks will be able to leverage a user’s contacts, location, and even business activities. This information can then be used to develop targeted advertising campaigns toward specific users, or even help spark crime in the virtual or real world.
To prevent social media breaches, protect user information, and secure company data, increased vigilance by individual users and regular audits of your social media security measures are necessary to ensure organization security.
The Crucial Role of Social Media Monitoring in Corporate Threat Intelligence
We explore some of the key threats that corporate security teams monitor through social media channels as well as how to overcome the fundamental difficulties surrounding effective social media monitoring.
An estimated 2.94 billion people globally use social media. This is roughly a penetration of about 40% which is only expected to grow. However, in developed countries, this penetration rate is even higher. Facebook and Instagram are currently the two most used platforms, but there are numerous channels with hundreds of millions of active users daily.
On any one of these channels, attackers might voice their intentions, spread false information concerning your organisation, or partake in more obscure but potentially equally dangerous activities such as cyber-bullying or phishing. Because of the high number of users paired with the social nature of discussion, potential threats often emerge on these channels and forums first, even before they become a tangible risk.
On top of this, many companies have active social media presences which enable them to engage with their target audiences for positive brand growth. However, because of the saturation, companies are open to several new vulnerabilities that come hand in hand with the opportunities that social media presents.
A fundamental challenge with social media monitoring, then, is knowing where to look and how to identify credible threats amidst overwhelming noise in a timely fashion that doesn’t require immense resources.
In this article, we explore some of the key threats that evolve and can be monitored using social media channels as well as how to overcome the fundamental difficulties surrounding effective social media monitoring.
The Challenges of Social Media Monitoring
Using social media monitoring as part of your comprehensive cybersecurity strategy has several key benefits unique to the platforms involved. However, leveraging social media for increased security and situational awareness can be a challenge and, without the right tools, it is next to impossible to effectively monitor these channels and form timely responses.
The amount of chatter on social media channels is both a boon and a curse to security professionals. People discuss everything from the inane to clearly threatening conversations and actions. All of this happens, though, across dozens of social media channels. On Twitter alone, there are some 500 million tweets a day. In one study, it was found that five new profiles are created on Facebook every second - and it’s quite possible that some of those are fake or could be a threat to your business.
An example of using social media to gain increased situational awareness is the 2019 Christchurch shooting. Parts of the event were live streamed through social channels. Those security teams monitoring these channels were amongst the very first to know of the event as well as gain valuable situational awareness that allowed them to respond more effectively than without this information.
To overcome the key challenges presented by social media monitoring it is vital to employ the right tools and resources. For example, the Signal OSINT platform allows you to monitor your chosen social media channels continuously and set up tailored live streams and customised filters to help users identify potential threats from the noise of online chatter. To further refine the data gathered through the use of Signal you can run things through our sentiment analysis tool.
Signal enables users to monitor not just social media but the surface, deep, and dark webs in their entirety forming the crux of many organisations’ security efforts.
Identifying Threats
Intertwined in the comments, posts, pins and tweets are a multitude of information security and business risks, from targeted phishing to full-on account takeovers or even emerging threats against physical assets. As social media continues to dominate business communications, security teams must understand and address the risks posed by social media, the largest unsecured IT network on earth.
Here are a few of the key identifiable security threats associated with social media.
Targeted Phishing
Phishing attacks have been evolving over the years to incorporate and take advantage of the everyday tools that both businesses and consumers use. One such method is by using social media to gather data on targets through phishing attacks and other strategies.
For example, is your mother’s maiden name listed on your Facebook? Where did you go to school? Did you post pictures of your first ever pet? All of this data commonly used for security questions is freely available for determined fraudsters. For those that are a little more enterprising, they might even get you to volunteer particular details disguised as a fun quiz. Phishing attacks are generally used to gain valuable data which can then be used for monetary gain.
Social Engineering
By using social platforms criminals can build trust and through the use of deception manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. This can take on several different aspects whether it’s targeting employees to divulge information about a company or manipulating customers to share personal information that would allow them login access to their accounts for the purposes of identity fraud.
Account Takeover
An account takeover is a form of identity theft. This is when fraudsters illegally use bots to gain access to a victim’s account. There are several reasons this could be valuable to a hacker. For example, what they might do is launch a phishing attack from this account which will allow them to utilise the trust associated with that individual’s personal account to increase the chances of success.
Physical Threats
Social media is a public forum where a huge number of people go to express their opinions. What this inevitably means is that both positive and negative sentiment is expressed about companies, organisations and people. Some of this sentiment holds serious reputational risks or may even evolve into a serious physical threat against an employee or asset.
Final Words
Experienced hackers and cyber-criminals, understanding the public nature of the channels, will attempt to avoid actions that expose their intentions. Social media threat monitoring in this way has its limitations, which, paired with those relating to privacy protections, inhibit it from being a comprehensive intelligence source.
That being said, social media, when monitored effectively can catch negative sentiment as well as expose potentially dangerous or threatening information or conversations in real time - some of which will prompt further investigation or other actions to be taken. Social media monitoring can provide critical real time information on threats increasing situational awareness, but organisations and their security teams are well-advised to not lose sight of the forest for the trees.
The usefulness of social media monitoring is best leveraged in a holistic risk management approach, one that incorporates diverse security strategies, including a range of cyber security measures.
5 Signs Your Corporate Security Department Needs a Better Way of Monitoring Social Media
Social media is a key source of intelligence for corporate security professionals. As such, it's vital that they choose the right tool for the job to enable efficient social media monitoring and effectively detect potential threats early.
It’s no secret social media is now a key source of intelligence for corporate security professionals. But with so many social media monitoring tools to choose from, departments can easily end up choosing software that hasn’t been developed with their needs in mind, i.e. social media monitoring software built for marketing purposes.
This poor choice often impacts efficiency, results, and ultimately hurts the bottom line and, in some cases, employees.
Here are 5 tell-tale signs that’ll help you work out if the social media monitoring tool your corporate security department uses needs an overhaul.
1. Sometimes they’re the “last to know”
News travels fast these days. Some call it “the speed of internet”. What this means is, everyone and anyone with an internet connection can learn about and/or spread the breaking news happening at your corporation.
This increases the chance that a staff member might find out things before your corporate security department does. Especially when it’s happening in a retail store or near the event your CEO is speaking at.
2. Reports are missing known threats
Lack of awareness can linger long past the date something occurred (especially for potential threats that are yet to fully develop).
When regular reports are missing developed or developing threats that are already known to senior executives (whose lives and livelihoods depend on it), it may result in a loss of confidence from the executive team, even when the corporate security department thinks it is being as effective as possible.
The wrong tooling might provide you with what looks like the most relevant and timely information, but you’re often missing the complete picture.
The right tooling, developed specifically for protecting executives, assets and supply chains, provides more advanced and targeted search capabilities (e.g. Boolean search) than typical marketing-related tools. For such tools, the focus is generally on social engagement and brand and reputation management rather than detecting potential and developing cybersecurity and physical threats.
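A Boolean search of the kind mentioned above, shown as an added example rather than Signal's query syntax or code. It compiles a query using AND, OR, NOT, parentheses and quoted phrases into a filter, then runs it over constructed posts. The brand "AcmeBank", the query terms and every post are hypothetical.

```python
import re

TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+')
OPERATORS = {"AND", "OR", "NOT"}


def compile_query(query):
    """Compile a Boolean query into a predicate over post text.

    Precedence, highest first: NOT, AND, OR. Terms match whole words,
    case-insensitively, so "#AcmeBank" matches the term acmebank.
    """
    tokens = TOKEN.findall(query)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        tok = peek()
        if tok is None:
            raise ValueError("query ended unexpectedly")
        pos += 1
        return tok

    def parse_or():
        left = parse_and()
        while peek() == "OR":
            take()
            left = (lambda l, r: lambda text: l(text) or r(text))(left, parse_and())
        return left

    def parse_and():
        left = parse_not()
        while peek() == "AND":
            take()
            left = (lambda l, r: lambda text: l(text) and r(text))(left, parse_not())
        return left

    def parse_not():
        if peek() == "NOT":
            take()
            inner = parse_not()
            return lambda text: not inner(text)
        return parse_atom()

    def parse_atom():
        tok = take()
        if tok == "(":
            inner = parse_or()
            if take() != ")":
                raise ValueError("missing closing parenthesis")
            return inner
        if tok == ")" or tok in OPERATORS:
            raise ValueError(f"unexpected {tok!r}")
        phrase = tok.strip('"').casefold()
        if not phrase:
            raise ValueError("empty phrase")
        pattern = re.compile(r"(?<!\w)" + re.escape(phrase) + r"(?!\w)")
        return lambda text: bool(pattern.search(text.casefold()))

    matcher = parse_or()
    if peek() is not None:
        raise ValueError(f"unexpected {peek()!r}")
    return matcher


def alerts(posts, query, official_authors=()):
    """Posts that match the query and were not written by an official account."""
    matches = compile_query(query)
    official = {author.casefold() for author in official_authors}
    return [p for p in posts
            if p["author"].casefold() not in official and matches(p["text"])]


# Constructed query and posts for a hypothetical brand.
QUERY = ('acmebank AND ("fake coupon" OR giveaway OR breach OR hacked '
         'OR "data dump") AND NOT careers')
POSTS = [
    {"author": "@AcmeBank", "text": "Our giveaway winners are announced, thanks from AcmeBank!"},
    {"author": "@deal_hunter99", "text": "Got a DM offering an AcmeBank fake coupon for $50"},
    {"author": "@anon_user", "text": "lol just dumped the whole acmebank customer table, breach of the year"},
    {"author": "@jobs_board", "text": "AcmeBank careers: we are hiring a breach response analyst"},
    {"author": "@foodie", "text": "Great giveaway at the bakery today"},
    {"author": "@newswatch_x", "text": "Hearing #AcmeBank got hacked, anyone confirm?"},
]

if __name__ == "__main__":
    for post in alerts(POSTS, QUERY, official_authors=["@AcmeBank"]):
        print(post["author"], "|", post["text"])
```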
3. Incident response times are slow
Further to point 1, if your team is unaware of a threat, or simply hears about it too late, this can have a butterfly effect, impacting the overall incident response time. This can potentially put the safety of staff and executives at risk, impacting “Duty of Care” responsibilities and even impacting revenue or costs.
Having the right monitoring tool often means you can plan ahead (building out a calendar of events to monitor), giving you a better chance of being the “first to know” and therefore speeding up incident response times.
4. Small incidents often escalate
You guessed it! Catching threats early can keep small incidents… well, small.
This will save you and your team from having to deal with larger and more troublesome incidents in the future. So, how does Social Media come into this?
Sometimes the earliest signals come from the most unusual sources. Social Media, if used with the right monitoring software, can act as an early warning system for you and your team. It can even supply this early intelligence directly to your phone via SMS or email so you are always on top of new incidents.
5. Your team is too reactive
If you’re the Head of Corporate Security and you can’t understand why your team never seems to be prepared for events such as executive travel and retail store/office openings, it could be a sign they need to move to operationally focused social media monitoring software where they can plan ahead and schedule monitoring at certain locations over certain dates, times or seasons.
This not only instils a more active team culture allowing you to get ahead of potential issues, but it also reduces stress and allows your team to be in a better frame of mind when things really matter.
Conclusion
It wasn’t that long ago that there was very little in the way of social media monitoring software tailored for corporate security professionals. Early adopters persevered, as a stop gap, with tools designed for marketers.
These days things are a little different:
The role of corporate security in any large corporation is becoming more important;
Social media is an open source of intelligence when it comes to protecting executives, digital and physical assets, and supply chains;
Access to social media is now in the hands of the majority (wherever they are);
Threats can be indirectly identified via social media posts made by the public and media.
And, most importantly, tools have been created specifically for corporate security professionals to make use of this free intelligence source.
Are you already making the most of these new tools or is it time to make the shift?
Black Hat brags about bank hack – Signal could have spotted it
Many hacks go completely undetected as shown by the fact that in 2019 one of America’s biggest banks took over four months to realise they had had a severe data breach! Learn how Signal could have helped this bank find and respond sooner and reduce their reputational damage.
One of America’s biggest banks took four months to realise it had been hacked.
Signal could have helped the bank find and respond sooner to reduce their reputational damage.
In late July the $370bn bank Capital One announced a hack of one million social security numbers and 80,000 credit card-linked bank account numbers which is estimated to cost over $100m to remedy.
Their announcement came 120 days after the actual hack occurred - the vigilant monitoring that Signal provides could have alerted Capital One to the problem quickly. Instead, it took months before a ‘white hat’ noticed conversation about the breach.
The number of people affected was staggeringly high – in the words of Capital One itself, “The event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.”
Here’s what happened:
On July 19, 2019, it was determined there had been unauthorised access by an outside individual who obtained personal information relating to Capital One credit card customers.
Capital One says it immediately fixed the configuration vulnerability that the individual had exploited and promptly began working with federal law enforcement.
The FBI arrested Paige Thompson, 33, a software engineer who formerly worked for Amazon Web Services… which Capital One is known to use.
Charges against Ms Thompson state she boasted about the hack on GitHub, Slack, and Twitter, allowing Capital One the opportunity to quickly alert their cyber teams of a potential breach – if they were utilizing an OSINT tool like Signal.
Capital One claims it is unlikely the information stolen was used for fraud or disseminated by the individual, adding it believes no credit card account numbers or log-in credentials were compromised and that over 99 percent of Social Security numbers were not compromised.
The fact remains: one million social insurance numbers and 80,000 credit card-linked bank account numbers were exposed.
The largest category of information accessed was information on consumers and small businesses created when they applied for credit card products across the last 15 years, including:
Customer status data, credit scores, credit limits, balances, payment history, contact information
Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
140,000 Social Security numbers of credit card customers
80,000 linked bank account numbers of our secured credit card customers
The Social Insurance Numbers of one million Canadian credit card customers were also compromised in this incident.
The configuration vulnerability was reported to Capital One by an external security researcher through a Responsible Disclosure Program on July 17, 2019. Capital One then began their own internal investigation, leading to the July 19, 2019, discovery of the incident. The hacker had four months to do what she wished with people’s personal information. Unfortunately, it is common for hacks to take months to be discovered, reported, and patched if the proper monitoring solutions are not in place.
Capital One expects the incident to generate incremental costs of approximately $100-$150 million in 2019. Expected costs are driven by customer notifications, credit monitoring, technology costs, and legal support.
Capital One said in its public statement it has always invested heavily in cybersecurity and will continue to do so. This breach shows how the convergence of cyber and physical security is continuing to evolve as companies continue to invest in infrastructure and tools to stay at the forefront of cyber threats. As threat surfaces continue to increase, social media and dark web scanning tools have become even more important to identify threats in real time.
Clearly there’s a lot of money at stake, but the worst part of it all is the hacker boasted about it online and the response could have been a lot quicker.
While it doesn’t appear that the breach was for financial gain, the reputational damage for Capital One has been huge (and continues).
Here’s how Signal can help prevent this sort of thing happening:
Signal’s point of difference is scanning the web and dark web for chat around data hacks, breaches and stolen information for sale.
We know that the accused thief bragged about what she was alleged to have done to Capital One, and this is precisely the sort of thing Signal is set up to prevent.
Signal offers:
Monitoring over 15 data sources, including social media, web/forums, surface web, the dark web and online forums.
Accurate real-time results centred around the geographical locations you need to monitor
Advanced filtering of searches
Excellent visuals so you’re not sifting through raw data to find out who’s talking about hacks at your organisation
Situation awareness
Online operation centre capability and data
Please feel free to read how Signal could have helped resolve:
A British banker selling stolen data on the dark web (and being exploited until he was driven to steal even more)
Slow responses to crises emerging in the real world outside a business
Parsing the dark web and seeing discussions about plans to rip off your bank or business
Mitigating the Threat of Credential Stuffing through Dark Web Monitoring