"Have a plan to protect your accounts," Mike Price, CTO of ZeroFox, recommended in a conversation with TechRepublic's Dan Patterson. Have a program, a policy, and "the right kind of manual and technical tools in place, so you can prevent it from happening" and recover quickly.
Read the full transcript of the conversation below:
Patterson: A growing number of account takeovers on social media indicate that cyberattackers are targeting brands, and if they take over your social media account, they can become the mouthpiece of your brand. Mike, I wonder if you can explain to me a little bit about what an account takeover is, and how does this type of cyberattack happen?
Price: Sure. Yeah. No problem. What we're seeing increasingly, especially over the last couple of years, is that hackers, so to speak, have taken a strong interest in taking over social media profiles, for a variety of different reasons really, and so we've seen accounts that belong to sort of the average person, the average consumer, taken over. We've seen accounts that belong to businesses taken over, and even seen government organizations, and a lot of times this can be done in order for the account to be, perhaps, resold in different ways, or so that groups that have a particular agenda might be able to get their message out, amongst a variety of other motivations.
Patterson: And how does this type of attack happen? Is it due to bad passwords? Is it due to bad security on the social media side?
Price: Oftentimes, the social networks have done a pretty good job of providing mechanisms for people to use in order to secure their accounts, but some users have a hard time learning how to use those mechanisms properly. There are a lot of people that maybe don't use strong passwords or don't use two-factor authentication, for example. And they even have had their passwords breached in the past, so if they're reusing their passwords in more than one place, oftentimes we see those stolen passwords used to hack accounts, for example. So, the security mechanisms are there, but they're not always used properly or effectively used at the time.
Patterson: And who are the actors targeting social media accounts? Are they state actors? Are they organized crime? Are they lone wolves or a combination?
Price: Yes. Yeah. Definitely a combination. You know, there are a lot of public examples when an account is taken over. The whole world gets to see that, oftentimes. There are definitely very large numbers of accounts belonging to sort of average folks out there that are being taken over and used as part of botnets, for example, or being used as part of a roll-up of accounts so they can be resold later. So in this case, then, you might have the average cyber-criminal doing something like this. There are folks that are hacking accounts really just for the pain, so we see folks taking over accounts just for bragging rights. There are clear cases where we've seen either nation-state actors or actors that are in that space, for example, taking over accounts to publish their ideology. There's a pretty significant mix of all different types of actors doing this type of stuff.
Patterson: And how does this happen at large scale? I can understand a one-to-one, or a fairly linear relationship, but it must require some sort of expertise to take over hundreds or thousands of accounts at large scale.
Price: Yeah, one of the things that we've observed the most, in terms of scale, is that a lot of people have the habit of using credentials to log into their accounts, and they share those credentials across many accounts, and then when some service that they use gets breached, the total user database is stolen. Then those passwords become available to the underground, so to speak. So then what that actor can do, or that hacker can do, is typically take a database of emails and passwords, and then find the accounts on different social networks and different places, because they're using those same emails and passwords, and take those accounts over in bulk.
To a degree, some automation can be built up to employ that process as well. We've seen a variety of techniques like that. There's also some phishing infrastructure that's been built out. It allows folks to phish users, at scale, for their social media credentials in order to then take over their accounts. There's a variety of scaling techniques in that regard.
Patterson: And what can brands do, be they SMB startups or enterprise companies, to protect themselves from attacks like this?
Price: The advice that I always give folks is, first and foremost, to recognize that the risk is real. That's the first step. Once you've recognized that the risk is real, you need to have a plan to protect your accounts and be prepared in the event that something happens. You need to have, like most organizations, a bit of a program, a bit of a policy, and then you need to have the right kind of manual and technical tools in place, so you can prevent it from happening. But if, by some chance, it does happen, you know exactly what to do and how to recover quickly. There are some materials you can read and be informed by, and there are some services in part that you can purchase to help with that as well.
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.