McAfee predicts that sophisticated cyber adversaries will increasingly target, engage and compromise corporate victims using social networks as an attack vector, writes Raj Samani, pictured, Chief Scientist at the cyber firm.
Cyber adversaries have traditionally relied heavily on phishing emails as an attack vector for compromising organizations through individual employees. However, McAfee has observed more sophisticated threat actors increasingly using social networks such as LinkedIn, WhatsApp, Facebook and Twitter to engage, develop relationships with and then compromise corporate employees. Through these victims, they compromise the broader enterprises that employ them. McAfee predicts that such actors will seek to broaden the use of this attack vector in 2021 and beyond for a variety of reasons.
Malicious actors have used the social network platforms in broad scoped schemes to perpetrate relatively low-level criminal scams. However, prominent actors such as APT34, Charming Kitten, Threat Group-2889 (among others) have been identified using these platforms for higher-value, more targeted campaigns on the strength of the medium’s capacity for enabling customized content for specific types of victims.
Operation North Star demonstrates a state of the art attack of this kind. Discovered and exposed by McAfee in August 2020, the campaign showed how lax social media privacy controls, ease of development and use of fake LinkedIn user accounts and job descriptions could be used to lure and attack defense sector employees.
Just as individuals and organizations engage potential consumer customers on social platforms by gathering information, developing specialized content and conducting targeted interactions with customers, malicious actors can similarly use these platform attributes to target high value employees with a deeper level of engagement.
Additionally, individual employees engage with social networks in a capacity that straddles both their professional and personal lives. While enterprises assert security controls over corporate-issued devices and place restrictions on how consumer devices access corporate IT assets, user activity on social network platforms is not monitored or controlled in the same way. As attack vectors go, for instance, LinkedIn messaging is not the first cyber-attack vector of concern for the corporate security operations center (SOC).
While it is unlikely that email will ever be replaced as an attack vector, McAfee foresees this social network platform vector becoming more common in 2021 and beyond, particularly among the most advanced actors.
Other predictions from the firm:
Increase in weaponised AI attacks on cloud platforms and users: As well as weaponising AI, attacks on cloud platforms and cloud users will evolve into a highly polarised state where they are either “mechanised and widespread” or “sophisticated and precisely handcrafted”.
Hacking the home to hack the office: The increasingly dense overlay of numerous connected devices, apps and web services used in our professional and private lives will grow the connected home’s attack surface to the point that it raises significant new risks for individuals and their employers.
New mobile payment scams: As users become more and more reliant on mobile payments, cybercriminals will increasingly seek to exploit and defraud users with scam phishing or smishing messages containing malicious payment URLs.
Qshing: QR Code abuse in the age of COVID: Cybercriminals will seek new and ever cleverer ways to use social engineering and QR Code practices to gain access to consumer victims’ personal data.
The expected proliferations of copy-cat supply chain attacks: The revelations around the SolarWinds-SUNBURST espionage campaign will spark a proliferation in copycat supply chain attacks of this kind.
For the predictions in more detail visit https://www.mcafee.com/blogs/other-blogs/mcafee-labs/2021-threat-predictions-report/.
