Page 91 - Cyber Defense eMagazine June 2024

What Makes This Campaign Compelling

The targeting of Meta for Business brings into focus the high value that compromised business accounts on
social channels hold for cybercriminals. While individually owned accounts are commonly the object of attacks,
business accounts have the potential for a larger payout, broader reach, and less scrutiny. There are
several risks that organizations may face from their social media accounts; let's run through several of
the most common.




Ad Fraud

Organizations with access to Meta Business Suite often use the platform's considerable advertising
prowess to market their offerings to the ocean of social media users. Adversaries who gain access to
these accounts can hijack them to post ads for their own malicious offerings, such as counterfeit goods or
other scams. In addition to siphoning funds already allocated to advertising in the platform, adversaries
may have less trouble getting a malicious ad approved when posting it under the guise of a compromised
organization. Unlike the three other risks below, this threat is exclusive to businesses.



Impersonation

With access to an organization's social media account, adversaries can attempt to use the accumulated
trust and reach built up by an organization to spread misinformation, propagate further scams (as
occurred during the infamous 2020 Twitter hack), or pursue other nefarious purposes. In addition to
reputational damage, organizations may face considerable legal or regulatory risk if their social media
presence is abused in this way. A major consideration for security practitioners is that this risk exists not
just for official organizational accounts, but also for the personal accounts of executives and other
high-profile individuals tied to the organization.



Data Harvesting

Some organizations may leverage their social media account for sensitive communications, either with
end users via direct message or via closed groups. Adversaries who gain access to these organizations'
accounts are able to access this information and may seek to sell it or otherwise use it for further malicious
purposes. The actual risk here will vary widely from organization to organization, but it is important
for security professionals supporting an organization that heavily leverages social media to consider.
As with impersonation, security professionals should also consider whether this risk exists for the
personal accounts of individuals within the organization.











            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.