Social Media as the Top Malware Delivery Vehicle:

How to Protect Your Network

Presented by Paul Henry

Security and Forensic Analyst, Lumension

MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFA, VCP, SANS Institute Instructor

Should I allow network users to access social media?

• Impact on productivity

• Lack of control

• Compromise of security

The New World of Social Media Malware

• Attacks are no longer limited to those who post a wealth of private information online

• Hackers now leverage advanced techniques– Click jacking– Spear phishing– Password sniffing

Click jacking

• Click jacking attacks are regularly going viral on Facebook

• Be careful with that ever popular “like” button

Spear phishing

• Phishing now makes up 23 percent of all attacks in the realm of social media

Password Sniffing

• People often share passwords across multiple accounts– It may be a complex password but if shared

across multiple accounts it increases risk

• Just as importantly, what about your secret questions used to reset your password?

Surfing Unencrypted• Users think nothing of surfing social media

sites via open, unencrypted WiFi – You are exposing your account username and

password often• Are you using that password across multiple

accounts?

• A bad guy can harvest your secret questions once he/she is able access your social media accounts….

– Why guess the password when he/she can reset it to the password of his/her choosing?

So What Can You Do?

• Educate users

• Put policies in place

• Patch, patch, patch

• Leverage an endpoint security solution

User Education

• Ensure site visits are encrypted

• Pay attention to what is displayed in the browser bar

• Don’t share personal information, such as birth date or address

• Don’t trust people you don’t know

• Password credentials

User Policy

• Lay out usage policies, such as:– No downloading content from social media

sites– Use your personal email (rather than work

email) for access

• Even better, put tools in place to enforce these policies

Deploy Patches

• The top security priority is patching client-side software (SANS Institute)

• Don’t focus on Microsoft alone – more than 2/3 of today’s vulnerabilities come

from non-Microsoft applications– check Microsoft, Mozilla and Apple regularly

for browser patches

• Look at ALL vulnerabilities (not just critical)

Effective Software

• Multiple Consoles – 3-6 different management consoles on

average

• Agent Bloat – 3-10 agents installed per endpoint – Decreased network performance

• AV is no longer enough

• Move away from point products

What You Need

• At the very least, you should be leveraging software that employs:– Application control or whitelisting– Antivirus– Patch and remediation– Enforcement of the Rule of Least Privlidge

Questions?