"It's something that you don't hear as much about, but the problem is pervasive" - Jay Kaplan, former Defense Department cyber-security expert
It took only one shot for Russian hackers to infiltrate a Pentagon official's computer. The attack, however, did not come through email or an obviously suspicious file that was accepted and downloaded. It came through a Twitter post advertising a family-friendly vacation package deal.
The Twitter post, published by a bot, contained a link promising a family summer getaway at affordable prices. It was the type of link anyone might click on, and that is exactly why the attack succeeded. Pentagon officials and cyber-security experts say that companies are so focused on training staff to recognize suspicious emails that they don't realize hackers are already exploiting social media as a new attack platform.
Pentagon officials are becoming increasingly alarmed at the rate at which hackers are using social media sites such as Facebook and Twitter to sneak into Department of Defense computer networks. The same trick used to get individuals to open emails is more likely to work on social media, where users believe they are among trusted friends.
A single compromised person is all it takes for a full-blown attack to take its course. The attack surges through the user's friend network, leading to what the Department of Defense describes as "a nightmare situation in which entire departments at the Pentagon could be targeted." Companies must now focus on retraining employees on cyber-safety.
Few people understand that clicking on a link that appears on Facebook or Twitter could cause the same amount of damage as the malicious emails opened during last year's Democratic Party scandal. Accounts on social media can be imitated, so it appears to the user that the information being received was sent by a trusted family member or friend.
The Department of Defense says that the scale of phishing attacks taking place on social media accounts is unlike anything it has seen before. In a report with Time magazine, it states that about 10,000 spear phishing attacks took place on Twitter. Facebook has also released a white paper on recent hacking trends and how to keep its users safe. Jay Kaplan, former Department of Defense and National Security Agency expert, said, "most people don't think twice when they are posting on social media. They don't think about people using the information against them maliciously. They also don't assume people on their network might be attackers."
The employee who had been targeted by the initial Twitter post of a family getaway said that he had been targeted through his wife's Twitter account. She had been discussing summer plans for her children with friends when the link was shared with her and infected her network. The hackers got through to the Department of Defense after she spread the malware to her husband.
Source: The New York Times