Bitdefender security researchers recommend that all employees refrain from revealing the name of the company they work for and minimize data sharing on social networking platforms. Sharing this information will do them and their companies more harm than good.
And nowhere is this recommendation more urgent than in the United States – the country with both the highest profile hacking targets and the most lax citizenry when it comes to disclosing private information on the internet.
The greater the amount of information a company’s employees share on social networks, the greater the chance the company will be hit by highly targeted attacks designed to infiltrate its infrastructure and steal data or wreak havoc.
A Bitdefender study of Google+ today showed that 22 per cent of Americans reveal their employer or occupation on Google+ – more than seven times the global average of 3 percent. Only 7.8 per cent of Brits and 3.4 per cent of Spaniards do the same.
Americans are also very nonchalant about disclosing their city of residence. Some 47 percent of those with Google+ accounts give that information, compared to only 25 per cent of Brits. Germans are the most private, at 15 percent.
Check-ins, random comments, holiday snapshots and links posted on social networking platforms offer the puzzle pieces of a life that, put together, help attackers create accurate impersonations or lures to use against users and their employers.
Social network information aggregators such as findpeopleonplus.com for Google+ and Graph Search for Facebook allow practically anyone to find a person’s age, relationship status, education, occupation and place of employment.
Using free tools such as findpeopleonplus.com or Graph Search, Bitdefender pinpointed more than 100 employees – with full name and occupation – of top-tier corporations such as Google, Facebook or Apple, all in a day’s work.
It’s too easy for an attacker to aggregate a database of sensitive information about a company using profile info disclosed by employees on social networks. With clues as to a target company’s hierarchy, criminals can send targeted e-mails or messages to expose an employee to unpatched vulnerabilities and malware – and breach even elaborate corporate defenses.
Such an attack begins by identifying employees – potential points-of-entry for cyber-criminals. One can easily find out their interests and what platforms and operating systems they use, then precisely target an attack to infiltrate the company.
The advent of BYOD dramatically increases chances of success, as it’s much easier to compromise a system when connected to the user’s home network. When the system is compromised, the attacker simply waits until it connects to the corporate network.
Apple, Facebook and Twitter have all fallen victim to attacks targeting employees as the weakest link in security. Attackers used malware designed to attack Windows and Mac computers alike. All employees did was visit iphonedevsdk.com, an iPhone developer forum that exposed them to an undocumented vulnerability in Oracle’s Java browser plug-in that allowed installation of malware on visitors’ devices.
To avoid helping a stranger use trust relationships and familiar circumstances to attack you or your company, be discreet in sharing details about your private and professional life. For more on what’s to be done to prevent such breaches, also consult the tips and tricks on how to fend off spear phishing attacks here.