The State of Social Media Infrastructure
On January 12 of this new year, the Twitter and YouTube accounts of the United States Central Command – CENTCOM – were hacked.
Hackers claiming allegiance to the Islamic State took control of the social media accounts, posting threatening messages and propaganda videos, along with some military documents.
The command’s Twitter and YouTube accounts were eventually taken offline, but not before a string of tweets and the release of military documents, some of which listed contact information for senior military personnel. A CENTCOM spokesman confirmed the accounts were “compromised” and later said they had been taken offline while the incident was investigated further.
“CENTCOM’s operational military networks were not compromised and there was no operational impact to U.S. Central Command,” a military statement said. “CENTCOM will restore service to its Twitter and YouTube accounts as quickly as possible. We are viewing this purely as a case of cybervandalism.”
While this was not a hack of highly sensitive systems, the ability to hack a social account often reflects lax or poor password security, or a target falling victim to a phishing attack via email.
Given the above, we felt it was an excellent opportunity to share some very detailed research from Nexgate. If you are unfamiliar with Nexgate, they are a division of Proofpoint, and provide cloud-based brand protection and compliance for enterprise social media accounts. Their technology seamlessly integrates with leading social media platforms and applications to find and audit brand-affiliated accounts, control connected applications, detect and remediate compliance risks, archive communications, and detect fraud and account hacking.
This paper is the second of three.
Nexgate is used by some of the world’s largest financial services, pharmaceutical, Internet security, manufacturing, media, and retail organizations to discover, audit and protect their social infrastructure.
From July 2013 to June 2014, the very smart folks at Nexgate researched the accounts created and run by each Fortune 100 company on each top social network (although more focus was placed on Facebook, Twitter, and YouTube).
The results of Nexgate’s analysis of the Fortune 100’s social media infrastructure demonstrate unique threats impacting enterprise social media accounts. Unauthorized accounts, content-based threats, and account hijacking are all risks that must be addressed. Given the scale and complexity of the infrastructure, manual review of all social media content is impractical. Automated discovery, monitoring, and remediation technology more effectively find unauthorized accounts, remove malicious content, and detect account hacks.
The external threats covered in the report represent one segment of the factors that make up social risk; internal compliance risks are also important to recognize and address.
After finding roughly 32,000 accounts run by those 100 companies, Nexgate explored the activity on those accounts, represented by more than 60 million pieces of content and 2,100 unique applications used by those brands to communicate. That brand-generated content resulted in nearly 1 billion pieces of engagement such as likes, shares, followers, and subscribers. The accounts, content, public communications, applications used, and social metadata (e.g. time of the post) were collected with Nexgate’s patent-pending technology through approved integrations with the social media platforms’ public APIs. Nexgate’s technology, expert systems, and researchers applied unique contextual, linguistic, behavioral, application, and content classifiers to this data in order to accurately find company accounts, activity, and the related risks to them or on them.
- Social media threats are on the rise. The explosive growth of this new digital communications platform has created opportunity for hackers and fraudsters to target big brands and exploit the upswing in social media marketing investment.
- Nexgate performed a threat analysis of the social media presence of all Fortune 100 firms for the 12-month period extending from July 2013 to June 2014. The analysis documents both the scope and scale of social media threats to the enterprise and its community. This paper presents the results of that analysis.
- The scale of social infrastructure is overwhelming limited enterprise staff assigned to moderate and review content for threats. The average Fortune 100 firm now has 320 social media accounts with an average of 213,539 commenters making 546,658 posts to these accounts. For more information on the scope and scale of the Fortune 100 social media infrastructure, see Benchmarking the Social Communication Infrastructure of the Fortune 100.
- Three main social media threat types were identified: account hijacking, unauthorized accounts, and content-based threats (e.g. malicious links, phishing lures).
- On average, 40% of Facebook accounts claiming to represent a Fortune 100 brand are unauthorized, and 20% of Twitter accounts are similarly unauthorized.
- Social spam grew by 658% since mid-2013, when Nexgate’s State of Social Media Spam was released.
- 99% of malicious URLs lead to websites with malware or phishing attacks.
- 2.29 accounts per firm exhibited hijack indicators (e.g. malware links posted by brand managers). Social media account hijacks have become so common that Nexgate is now able to identify historical patterns that can be used to determine whether or not a hijack has occurred, such as a burst in posts or abnormal content.
- The primary purpose of social media threats is to steal customer data (credit cards, etc.), damage the brand, manipulate markets, and perpetrate various Internet con schemes (e.g. “Make Money Working from Home!”).
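One way to check a single account's post history for the two hijack indicators named above, a burst in posts and abnormal content (approximated here as a link to a domain the account has never used before). This is an added example, not code from Nexgate or its report; the function name, thresholds and sample posts are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+")

def hijack_indicators(posts, window=timedelta(hours=1), burst_factor=5.0,
                      min_burst=4, warmup=5):
    """Scan one account's posts (oldest first); return (timestamp, indicator) pairs.

    All thresholds are illustrative assumptions, not values from the report.
    """
    findings, recent, seen_domains = [], deque(), set()
    first, total = None, 0
    for ts_str, text in posts:
        ts = datetime.fromisoformat(ts_str)
        first = first or ts
        while recent and ts - recent[0] > window:   # slide the window forward
            recent.popleft()
        # Baseline: average posts per window over the history before the window.
        older = total - len(recent)
        span = (ts - window) - first
        baseline = older / (span / window) if span > timedelta(0) else 0.0
        recent.append(ts)
        total += 1
        armed = total > warmup                      # need history before alerting
        if armed and len(recent) >= max(min_burst, burst_factor * baseline):
            findings.append((ts_str, "burst"))
        for url in URL_RE.findall(text):
            domain = urlparse(url).hostname or ""
            if armed and domain not in seen_domains:
                findings.append((ts_str, "new-domain:" + domain))
            seen_domains.add(domain)
    return findings

# Constructed sample: six routine daily posts, then four posts in six minutes.
SAMPLE = [(f"2014-06-0{d}T09:00:00", f"Product update https://brand.example/news/{d}")
          for d in range(1, 7)]
SAMPLE += [(f"2014-06-07T03:0{m}:00", "Make Money Working from Home! http://promo.invalid/x")
           for m in (0, 2, 4, 6)]

if __name__ == "__main__":
    for ts, indicator in hijack_indicators(SAMPLE):
        print(ts, indicator)
```

The warm-up count keeps a new account's first posts from alerting before there is any history to compare against.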
Threats continue to evolve; as technology moves into its next phase of sophistication, so too do those who use technology to foster misinformation and distrust, breach sensitive data, and attempt to attack and hack – with pinpoint accuracy – to create the greatest amount of damage.
All too often we have seen these attacks come as a complete surprise to the intended victims, or if not by surprise, certainly by denial.
At Firestorm, we have a simple philosophy: To know, you must listen and look.
Working with clients in crisis, we have found that they have no formal intelligence network before, during, or after a crisis. They find themselves continually surprised by these emerging events.
In most cases, there were clear warning signs or ‘indicators’ that were missed. These indicators should have triggered decisions and actions that could have prevented or mitigated crisis impacts. These indicators were seen in behaviors of concern and on social media.
Over the years, Firestorm has used social media monitoring as an effective tool in crises. We find that many clients initially discount the risk management potential of social media monitoring. Their initial reaction is that social media monitoring is only a Google search. The value is marginalized.
So what is an intelligence network? There are two key components in building these intelligence networks: Listening and Looking. We see:
- Listening as creating conversion aggregators and identifying what is being communicated regarding your organization and people. Utilize streams, phrases, and words. Listening is general situational awareness.
- Looking as focusing on a specific location, event, or person based upon an identified crisis, threat, risk, exposure, or vulnerability. Utilize geo-coding and spheres of influence. Looking is targeted awareness.
Working with our monitoring platform partners and our team, who are trained and deeply experienced in building an intelligence network, we can create a sphere of awareness: we cancel out social noise and focus on what’s really going on, so you can address potential threats before circumstances spin out of control.
Read the Nexgate report; you can also download and read our analysis, The Right and Responsibility of Social Monitoring.