Attackers Change Tactics to Social Media

Wednesday, June 11, 2014 @ 03:06 PM gHale


The hacker group behind a campaign targeting a vulnerability in versions of Microsoft Internet Explorer changed its approach to spread malware using social media, researchers said.

The Clandestine Fox hackers altered their attack strategy after Microsoft issued a patch for the IE flaw, FireEye senior threat analyst Mike Scott said in a blog post. FireEye uncovered the new attack campaign after detecting a number of malicious social network messages targeting its customers, he said.

“The attackers used a combination of direct contact via social networks as well as contact via email, to communicate with their intended targets and send malicious attachments. In addition, in almost all cases, the attackers used the target’s personal email address, rather than his or her work address,” Scott said.

“This could be by design, with a view toward circumventing the more comprehensive email security technologies that most companies have deployed, or also due to many people having their social network accounts linked to their personal rather than work email addresses.”

FireEye director of technology strategy Jason Steer said that while the Clandestine Fox strikes are only targeting very specific groups, the effectiveness of the tactic means it is only a matter of time before the wider crime community heeds the call.

“Sites like Facebook and LinkedIn are prime sites to look for and target people. If you create a fake profile with a throwaway email account you can be anyone you like and if you access it via Tor no one knows where you connect from either and hence hard to trace back. Then you connect with the target,” Steer said.

Steer said businesses should remain vigilant and take precautionary measures to protect themselves from future social media-based hack campaigns. These include deleting, without opening them, suspicious messages and requests from people you don’t know, and using long passwords that are not shared across multiple accounts.


