As part of these revelations, it was claimed that GCHQ was using social media technology to spy on members of the public, alter the information they perceive to be true and to post under various assumed aliases. Techniques, of which some were still in the process of being developed, were predominately aimed at extracting information via phishing a user’s social media profile.
As experience tells us that security services and cyber criminals develop technologies and tactics at a similar pace, it would be fair to assume that these cyber spying tools could, and even possibly are, now being used for corporate gain.
The threats – what’s at stake?
How would your company fare if every new RFP it received was also shared with a key competitor? Or, what if blueprints for the latest product launch were leaked? Cyber criminals are not just after credit card details. Corporate espionage is far more complex and organised than that. And the growth in popularity of social media is providing the ideal landscape for cyber crime.
Whether you love it or hate it, social media is growing at a rapid rate and your employees will more than likely be accessing it via your network. Although you will more than likely have inappropriate social media use written into your ‘office rules’, it isn’t just your employees watching videos of dogs riding bikes or updating their Facebook status that you need to worry about. Sites, which are more acceptable within the office, such as LinkedIn and Skype, are experiencing problems too.
For instance, an application dubbed ‘Miniature Hero’ has the ability to source real-time call records, instant messages and contact lists from Skype. Used by cyber criminals, information could be extracted via this application including details of business contacts and sensitive communications between your business and other parties. Applications like this are inadvertently downloaded by staff, tricked into clicking on a link in an email or on a website that that they think is safe.
Other applications that could be targeted to disrupt and access your corporate network include Fatyak. The application, which is targeted at the website LinkedIn, collects public data from the business-focused social network. LinkedIn is a popular tool for employees to extend their network and because of its professional nature; it is currently being underestimated as a source of disruption.
A recent Barracuda survey discovered that LinkedIn was highly trusted by users and could therefore be a serious threat. The survey determined that, out of all of the social networking sites, LinkedIn had the lowest number of users that felt unsafe. Complacency is never a safe place to sit.
Outside of the social media aspect, the use of the tool ‘Swamp Donkey’, which is an application designed to modify Excel spreadsheet documents.
The thought of high-tech cyber criminals targeting your network is a worrying one, but there are ways you can protect against attacks.
Education, education, education
Hacking has never been so sophisticated. The majority of employees will have already worked out that if they get an email claiming they have won the lottery in a far-flung foreign land and asking them to follow the link, there is a very high chance that it spells trouble and they will avoid it. Spam folders are also very good at protecting against that kind of obvious threat.
However, attackers now do a lot of research and can copy legitimate emails from reputable companies, as seen in the case of LinkedIn. Users are likely to get an email asking them to click a link which they believe will take them to the site, but it will lead them astray and on to download malware.
In order to protect the company network, businesses need to educate their employees to look out for this kind of trick. Make sure they know the email address of companies such as LinkedIn so they can double check. It takes a matter of seconds.
Keep your defences in-check
One of the most effective ways of keeping your employees and therefore networks safe is to ensure users have proper email and web security that is kept up to date. In addition to this, protect your databases by using configured Web Application Firewalls (WAFs) and again, keep them up to date.
The tools used to keep your employees and therefore the network safe are Firewalls; Web Application Firewalls (WAFs); Application Developer Controllers (ADCs). They not only ensure security as a border guard does, but also direct and optimise the data flows like a traffic policeman.
Who would have thought ten years ago that the tools deployed by one of the world’s most advanced security services would also be the exactly the same tactics being used by cyber criminals in order to steal competitive information, corporate secrets and financial data? It is becoming an increasingly complex world in-terms of data security but it only takes a few minutes to educate your employees, update your line of defence and keep you network on track. It may not be a case of national security, but it could certainly be a case of corporate survival.
Wieland Alge is GM +and VP of EMEA at Barracuda Networks.
Share this story