How Cybercriminals Weaponize Social Media

In the era of social media, cybercriminals and state actors use these networks to monitor various social events such as protests, elections, and natural disasters. These bad actors commonly employ crowdsourcing techniques to obtain critical intelligence on ongoing cyber attacks. Social media is one of their primary real-time monitoring dashboards for gauging the effectiveness of attacks such as data breaches, account hijacking, cyber propaganda and a host of others.
These attacks are well coordinated and overwhelming, and they bear the hallmarks of state actors being behind most of the malicious activity. For example, attacks against social media networks that have a large user base, such as LinkedIn, Facebook, Twitter, and Instagram, are common.

Researchers have described social media as a modern-day electronic lynch mob. For instance, an insignificant local story suddenly becomes viral as millions of people distort the facts, drumming it up with the virtues or evils of partisan politics. Anonymity is a force multiplier: fake online identities provide cover for even more significant effects, and no one is called to account for their words.

Common Weapons

The Koobface malware and its variants, which first originated in Russia in 2008, are among the most prolific weapons used against social media. It infects a computer by enticing a user to click on a link in a crafted message posted on a victim's timeline; the link downloads and installs the payload. The approach is similar to phishing techniques used in email systems. Once a computer is infected, the worm tunnels through the system collecting personal information, authentication credentials, financial information, and contact lists, and creates fake posts in the victim's name so it can propagate to others rapidly.

The malware backhauls the exfiltrated data to a central command and control center (C&C). As more computers are infected, they form a botnet in which each computer connects back to the C&C for updates, and the malware propagates itself to millions of computer systems. Cybercriminals use software of their choosing to orchestrate various other attacks from the compromised systems, installing any other type of malware imaginable and making the victim's computer system a node in the global and state-sponsored criminal network.

C&C centers are overwhelmingly distributed globally, making it virtually impossible for any corporate entity or government agency to take them offline. These C&C centers significantly amplify the attacks from both old malware and new variants, given the billions of targets that exist on social media today. The malware attacks a wide range of systems based on Windows, Mac and Linux, as well as various mobile devices based on Android and iOS.

Trend Micro produced a whitepaper that demonstrates architecturally how the Koobface malware propagates. Botnets affected Google, Facebook, LinkedIn, Yahoo and other social media sites, stealing millions of login credentials. Once accounts are compromised, the attackers discreetly exfiltrate personal data from online friends and colleagues. Fake and illicit accounts created on various social network platforms are difficult to stop or control. Facebook estimates that 50-100 million of its active monthly user accounts are fake, with 14 million of those exhibiting illicit behaviors.

Another tactic cybercriminals use is the False Flag attack, an illicit scheme designed to deceive a social media user into revealing personal information. For example, it is common to redirect a user to a web site from a crafted email or pop-up window designed under the guise of the site. The message carries an urgent request to reset the user's password credentials.

Social media provides a trove of targets that business enterprises use to market and solicit information. Some organizations leverage the data to conduct surveillance and reconnaissance attacks to gain a competitive advantage. Governments, both domestic and foreign, use the platforms to conduct surveillance, gather intelligence and launch cyber attacks.

Cyber propaganda is a state-sponsored tactic designed to manipulate and influence public perception toward an attacker's point of view. Propaganda itself is an old and effective method of swaying public perception. For instance, during the Cold War, radio stations such as Radio Free Europe and Voice of America were used to broadcast Western political views and global news into Eastern communist-bloc countries.

According to various research studies, there are three propaganda attack methods:

  1. Fake news delivered through social media provides instantaneous, real-time results, changing public perception of events. Unlike the limited radio and television broadcasting of the past, modern technology provides an avenue for bogus reporting and the creation of false alternative facts and images. The material is presented in a realistic manner, coercing the public to believe it and spread it over the internet, which makes any corrective action nearly impossible. It is the sheer volume of fake news emanating from various news media and from journalists sympathetic to the cause that makes it persuasive and drives anger and discontent.
  2. Database hacking covers various techniques for gaining unauthorized access to otherwise secure systems to steal critical data. It is most often used to compromise the owners of the exfiltrated data in order to blackmail them. The release of the data is often strategically timed to produce the most negative effects. Such propaganda campaigns are a hallmark of state-sponsored attacks because they take considerable resources and time to execute.
  3. Machine hacking is the act of breaking into the actual source of information, such as a voting device, to deliberately change the results by hacking the software.

Defending Against Cybermedia Attacks

Most social media platforms have deployed sound layered security measures such as multi-factor authentication, encryption, granular privacy settings, user awareness, continual monitoring, and the suspension and elimination of problem accounts in an ongoing battle. Machine and database hacking are preventable by using appropriate layered security architectures and behavioral analytical tools to halt these attacks.

The best defense against propaganda campaigns is counter-propaganda, and the techniques are as old as propaganda itself. It is in effect an organized global campaign to change the narrative, hijacking the fake news rather than debunking every falsehood or attacker. Counter-propaganda must be well organized, state-sponsored and nearly unanimous in the message it delivers to the population. With the sheer number of news organizations globally, it would resemble the daunting task of herding cats.

Facebook has orchestrated a method that focuses on driving the propaganda's audience in a more realistic, positive direction by presenting the articles in question side by side with fact-checking. Many news media outlets are using this technique to discredit fake news. Building readership awareness is crucial so that readers stop and think before accepting what they see or read online through social media as credible.

The Chief Information Security Officer (CISO) should build robust awareness policies that address Cybermedia attacks within their organizations. Organizations that use social media as a weapon to gain a competitive advantage run counter to the ethics the security and privacy industry stands for. It is crucial that the products and services an organization markets be left to stand on their own merits rather than illicitly swaying public opinion with falsehoods. Moreover, it is not enough to build awareness to thwart phishing campaigns via email or on social media; organizations must also build the awareness to recognize the illicit techniques in what people read, such as deflection, distraction and arguing.

All security professionals should be made aware of cybermedia attacks and their methods, as they have become a global security concern that is growing and becoming far more sophisticated. Cybercriminals possess advanced social engineering skills to influence their targets into believing disinformation.