Turning Zero-Day into D-Day for Cybersecurity Threats
I am a regular LinkedIn user. Over the years, I’ve found the connections I’ve made there to be useful, and it has been helpful to my career. It also gives me the chance to separate my personal and professional selves but still have some kind of connection with people I’ve met over the years.
I also know that LinkedIn is a serious security concern. Connections are a little more tenuous than on some other social platforms; folks want to connect with those who may be able to help their careers, and if that means accepting a request from someone three degrees separated from you, so be it. That contact of a contact is safe . . . right?
Yes, it probably is, which may explain why one in five LinkedIn users from the United Kingdom admitted to accepting a link request from a stranger, according to a recent Intel Security study. But, that study found something else: 87 percent of the respondents said they are unaware if their company had any policies in place regarding LinkedIn use or connections. These two factors are opening up enterprise data to security risks. As Infosecurity Magazine explained:
Black hats are increasingly looking to sites like LinkedIn to harvest information on employees and their roles within a company, which they can then use to make spearphishing attacks – often the first stage in a targeted attack or APT – more convincing and effective.
As security professionals have told me personally and have mentioned countless times in conference sessions, perhaps no social site has more information available for harvest than LinkedIn. In one place, bad guys have access to your current and past work history, your educational background, and your entire resume. Not only is the user at greater risk for a targeted attack, there is also the risk for identity theft.
A BrandProtect analysis of Fortune 100 CEOs showed some of these dangers of LinkedIn. It found that 15 percent have two or more profiles. As the BrandProtect blog post explained:
While our analysis did not investigate whether these duplicative accounts posed imminent threats, the mere existence of these duplicative accounts should be a major cause for concern for the security teams at these companies. It should also be a warning for companies and their employees who are facing an ever-increasing and sophisticated onslaught of targeted BEC [business email compromise] attacks.
Yes, these studies looked specifically at LinkedIn, but as Greg Mancusi-Ungaro, CMO at BrandProtect, pointed out in an email comment, risks from social media go far beyond LinkedIn, adding:
Bad actors are out there trolling social networking sites, looking to engage with executives, steal their biographies and socially engineer their way into organizations.
To be clear, the serious attacks don’t happen right away. This is a long game for the criminals. They are patient as they gather contacts and create impersonations and fictitious accounts in order to gain credibility through connections.
It’s why Mancusi-Ungaro recommended organizations proactively audit social sites for unusual activities and put policies in place that focus on employee connections.
Will I stop using LinkedIn? No, because I’ve found the good outweighs the bad. But I will be much more thoughtful about those connections and much more careful about checking my email.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba.
