2.3.2023 Information security training

23/05/2023

Information security is an important issue in every company. Therefore, the IS department has conducted monthly training for all employees in the company so that everyone can understand it.

The following is an example of how social media posts help hackers gather information to attack a business.

Stephanie "Snow" Carruthers, leader of the "human hackers" team at IBM X-Force Red, shows that seemingly harmless employee posts and shares can help hackers get business data. She reminds everyone to think twice before taking and posting a photo at the office, a photo with the tag #firstday, or a group photo at work, because hackers are scouring social media for photos, videos and other clues that can help them target users' companies to attack.

Social media posts are a goldmine of details that support attacks. What can be found in the background of a photo can reveal a lot, from an access card to a laptop screen or even a password memo.

According to her, there are four types of dangerous social media posts that hackers can exploit.

Group photo

Posting pictures of yourself and your colleagues at the office, whether it's on a lunch break or during some social activity, can reveal a lot. Think about the kinds of posters or whiteboards that hang in common areas of the office. A poster of “Football League Coming Soon” means that whoever posted the photo will no doubt receive an email with a link pointing to the team's latest fixtures.

Photo taken with employee card

This may seem obvious, but there are many times when Stephanie sees new employees post a close-up photo of their corporate security card, especially on the first or last day at the office. Knowing what a company's ID card looks like will make counterfeiting easy. Hackers can copy, paste and print photos of their faces within minutes. Although this fake card may not be used for automatic entry, you will be surprised to know that hackers can easily slip in just by holding the card while walking through the company door.

During a search, X-Force Red team members found a photo of an intern along with a small photo of that person's face on the new company badge. After a few minutes of editing the photo, the team can use the image to produce fake cards.

A day in the office

When an employee decided to shoot his video blog all day at the company, hackers were able to get a lot of information. From knowing the building layout and card-protected areas to the whiteboard revealing the company's plans, this is almost as good as breaking into the company in real life. The following information may be disclosed:

Employee card layout

Building layout

Check-in procedure

Login information

Regulations on staff uniforms/equipment

Guard positions

Common areas

Parking structure

Commonly used smoking area

Provider

The computer screen also reveals the types of tools and security software in use, which can be used to orchestrate an attack by creating custom malware disguised as fake software updates.

Complaints on the Internet

In today's "review" culture, understanding current issues affecting a company's employees can help a hacker create a phishing email that takes advantage of their complaints and desires.

For example, at a company where many employees complained online about the lack of parking, the white hat hacker group wrote an email explaining the new parking policy and warning that all cars parked outside the specified location will be towed. The excitement of finally having a parking space, plus the fear of the car being towed away, led to a lot of clicks on the fake (malicious) parking map attachment contained in the email.

What must we do to protect company information?

1. Before posting anything related to the company on any social networking site, such as an employee ID card or information about an internal company activity, consider the possible effects on the company.

2. It is strictly forbidden to take pictures/videos on company premises without approval.

3. It is strictly forbidden to upload company photos to the source network without permission