The Philippines is one of the most active social media communities in the world, according to the Digital 2023 report. With 72.5% of the population on social media, Filipinos spend an average of 3 hours and 43 minutes on these channels interacting with family and friends, reading the news, and searching for content. As social media continues to exert its influence on daily life, it has become increasingly important for Filipinos to remain vigilant about the ever-changing dangers associated with its use. Recent technological developments, especially in the field of artificial intelligence, have further exacerbated these risks, requiring more awareness and precautionary measures.
With World Social Media Day just around the corner, here are three ways social media is putting individuals and organizations at risk.
Social media is a victim of psychological vulnerability
Hackers often rely on user behavior to provide the openings they need to penetrate network defenses. While some look to exploit unpatched vulnerabilities in a system or network, often the most efficient way to target a business is through social engineering techniques that manipulate users into violating security policies and providing information that can be used to steal data or launch an attack.
According to Palo Alto Networks Unit 42’s 2022 Incident Response Report, attackers use phishing, a form of social engineering, 40% of the time to gain initial access to a system. By studying an employee’s social media profile, cybercriminals can create a comprehensive profile of their victim, which they can use to launch a targeted attack. These attacks appeal to emotions such as fear, curiosity, urgency, and greed and encourage unsuspecting employees to click on a link or attachment, disregarding basic cybersecurity hygiene. And with the Unit 42 Network Threat Trends Research Report finding that 66% of malware is delivered via PDFs, just one wrong button click can lead to disastrous consequences, enabling malicious macros which can infiltrate the system.
From catfishing to AI-cultivated deepfakes
Another risk associated with social media is that it involves people establishing connections without necessarily establishing authenticity. This requires a leap of faith, which threat actors can easily exploit. From identity theft to catfishing, cybercriminals use social media to obtain information and content from unsuspecting victims, assume their identities, and conduct fraudulent activity.
But the breadth of ways impersonations or fake identities are being used in the security space is growing. As technological advances improve the quality, adaptability, and accessibility of artificial intelligence-enabled content creation, malicious actors are using this technology to exploit images and videos, often taken from social media platforms, and manipulate them into content that can be used for extortion, harassment, misinformation, and reputational damage.
When spread through social media, convincingly fake content (deepfakes) can quickly reach millions. A video edited to make it appear as if a CEO announced declining profits could affect a company’s stock price; similarly, a presidential candidate appearing to confess to complicity in a crime could lead to the disruption of an election. Impersonators do not have to use techniques as advanced as deepfakes to cause chaos, however, as in the case of a fake account for a US drug company announcing that it would distribute free insulin, causing the company’s stock to fall.
Malware and ransomware have infiltrated the social web
Along with using social media for intelligence gathering and dissemination, cybercriminals also directly share malicious links on social media. These links, which hide anything from viruses and trojans to spyware and ransomware, help hackers gain access to devices and networks to steal data and take control of systems.
Among these, ransomware has seen alarming growth. Organizations in the Philippines were found in Unit 42’s Ransomware and Extortion Report to be severely affected by ransomware, with attacks increasing to 60% by 2022.
As public interest in generative AI grows, malicious actors are also using it to their advantage, with ChatGPT-themed baits increasingly being used to spread malware on platforms such as Facebook, Instagram, and WhatsApp. Earlier this year, Meta’s security teams discovered 10 malware families that use ChatGPT (and similar themes) to deliver malicious software to users’ devices. At one time, cybercriminals created malicious browser extensions available in official web stores that claimed to offer tools based on ChatGPT, which were then promoted on social media and through sponsored search results to trick people into downloading malware.
Dealing with social media-powered cybercrime
The above are just a few tools among a wide toolkit used by cybercriminals to exploit social media. And with the number of social media users around the world predicted to grow to nearly 6 billion by 2027, the risk that these platforms pose will likely not go away.
So what can organizations do to protect their employees? First and foremost, embedding cybersecurity education within the workplace curriculum and regularly testing the effectiveness of that training is essential. Many companies are incorporating measures such as rewarding employees who spot phishing attempts and report them to the security operations team, and they see the value these practices can bring for improvement in cyber safety.
At the company level, organizations should prioritize embedding a safety-first culture with a plan in place to manage the inevitable cyber incident. Business leaders must constantly identify, measure, and evaluate risks and, if possible, limit access to sensitive information to employees who need to know. Along with building a solid defense plan, organizations should also establish a social media policy that sets standards around the organization’s online interactions, imposes consequences for misuse of social media, and mandates cyber awareness training for those directly involved in content publishing.
Sean Duca, Vice President and Regional Chief Security Officer, Japan and Asia Pacific, said, “Finally, everyone has the right to feel safe online. And with the threat of a cyberattack ever present in our personal and professional lives, education is key to ensuring our digital identities and our business assets remain protected.”