In-Depth
Social Media: A Hacker's Secret Weapon for Accessing Your Network
Deep content inspection-based security solutions let your organization take advantage of social media's benefits as it safeguards policies and compliance.
By Dr. Hongwen Zhang, President and CEO, Wedge Networks
We've all seen this happen before: While at work, you login into your Facebook, LinkedIn, or Twitter page to see a link to an interesting video that a "friend" posted. You click on the link, and next thing you know a virus has been spread throughout your account and has likely found its way onto your computer or worse, your corporate network! Such a situation happens more often than we'd like to admit, leaving organizations struggling with the level to which they will allow social media sites to be used on the job.
The vast amount of Internet applications, Web services, and online social media outlets has quickly distorted the lines between corporate and personal usage, leading to an increase in malware outbreaks and data loss. Despite their functionality, services such as blogs, Facebook, LinkedIn, and Twitter pose a yet-to-be-realized threat in the workplace.
Many organizations will label these social media sites as trusted Web sites based on their popularity, but this does not take into account user-generated content. Hackers exploit this primary weakness and manipulate users into downloading malicious content or viewing malicious sites through friend news feeds, status, or recommendations. A recent study by Kaspersky Labs indicates social networking sites are 10 times more effective at delivering malware than the previous popular methods of e-mail delivery.
What has emerged from these targeted attacks are two major weaknesses: complex delivery methods and data harvesting. With recent research by Cisco showing organizations spending over $1.29 billion annually to fix targeted attacks, the need for a security solution that allows access to social media while safeguarding organizational policies has become a top priority.
Complex Delivery Methods
What makes social media sites so popular is the ability for a user to maintain their own page and share content with their personal connections. By breaching the trust an end-user has with their online network, hackers are able to embed malware into friends' content. This exploitation of trust increases the likelihood that people will fall victim to the malicious link.
The rapid generation of user content and updates allows for hackers to utilize these social networking platforms to send malicious content to a wide range of users. Either through a tweet or a status update, hackers are able to send content such as URLs, links, videos, and photos containing malware, to all contacts on that account.
Data Harvesting
What might be the greatest threat to security are targeted attacks where a hacker gathers information to create specific malicious content catered to your personality or interests.
With nearly everything being on either your computer or a mobile device, information is easily accessible by anyone looking for it. This information can be integrated with any database and put into use by hackers looking to create customized content and feed it back to a person or organization.
Data harvesting is the most threatening form of attack, as well as the most difficult to control. It is tough to dissuade employees from clicking on a link that might be appealing to them. Curiosity drives the spread of this malicious content; organizations must find a way to protect themselves and their employees from content that has the potential to be opened by an interested, yet unsuspecting end-user.
An organization's blocking and application control policies are rendered useless with these user-generated drive-by attacks on so-called "clean" social media sites; IT departments are struggling to keep up with the multitude of sites that are used on a personal and professional level across multiple devices.
A different security approach is necessary to counter these growing, socially engineered attacks. To defend an organization, inline real-time threat protection and malware analysis of all content, including hidden injected malware attacks and downloads, is now essential.
Deep content inspection is an advanced form of network filtering that works at a more comprehensive level than the previous method of deep packet inspection. Instead of solely checking the data or header of data packets moving through a network, deep content inspection strings these packets together to examine the entire file and understand its content and intent. The examined content can then be routed to specific parts of the network and checked against a virus database for malicious content. Together, deep content inspection, high-performance architecture, and anti-malware analytical engines are capable of effectively analyzing Web traffic for malicious attacks at all endpoints.
Deep content inspection-based security solutions allow organizations to take advantage of the benefits of social media while safeguarding organizational policies and guaranteeing compliance mandates are met by checking content moving through the network in real-time.
Equally as important as deployment of the proper security solution is the ability for an organization to clearly see the content available and, if needed, apply policies over users based on real-time understanding of the content within the applications. Additionally, having the ability to analyze Web traffic for malicious attacks would provide organizations with the reassurance that they are protected, even if their employees have been tricked.
Dr. Hongwen Zhang is president and CEO of Wedge Networks, a provider of remediation-based deep content inspection for high-performance, network-based Web security. He holds a Ph.D. in computer science from the University of Calgary; a M.Sc. in computer engineering from the Institute of Computer Technology - Chinese Academy of Sciences (Beijing, PRC), and a Bachelor of Science in computer science from Fudan University (Shanghai, PRC). With more than two decades of high-tech leadership experience, Dr. Zhang is a co-inventor and holder of several patents in the area of computing and networking. You can contact the author at Hongwen.zhang@wedgenetworks.com