Social Media Gone Wild
Generously sponsored by:
ISSA Web Conference June 26, 2012
Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London
Welcome Conference Moderator
Mathieu Gorge ISSA Web Conference
Committee
Agenda
Speakers
• Jean Pawluk - Consultant and Former Chief Architect, Visa
• Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI
• Aaron Sheridan - Senior Systems Security Engineer at FireEye
Open Panel with Audience Q&A
Closing Remarks
Social Media Gone Wild: Is a Perfect Storm Brewing?
Jean Pawluk
June 2012
A Perfect Storm is Brewing
Social interaction has blurred the work / life boundary
Users find many new ways to share data
Factor 1 - Social Media - Amazing Growth
• Big Five
– Facebook (901M - Feb 2012)
– Twitter (500M users – March 2012)
– LinkedIn (161M users – March 2012)
– Google+ (170M users – April 2012)
– Windows Live (330M users – June 2009)
• Non US
– Qzone (536M users – Dec 2011)
– Tencent Weibo (310M users – Sept 2011)
– Sina Weibo (250M users – Sept 2011)
– Habbo (230M users – Sept 2011)
• Personal
– Foursquare (15M users – Feb 2012)
– Pinterest (10.5M users – Feb 2012)
– Tumblr (42M users – Feb 2012)
• Corporate
– Yammer (~ 5M users – April 2012)
– Jive (~3000 firms – Sept 2011)
– Chatter (~ 5M users ? – April 2012)
– SharePoint (~ 20 M users – Oct 2009)
Factor 2 - Easy to use & Hard to control
• BYOD
• Apps permission - Users just say yes
– Links to unknown sites
– Data captures by accident or intent by 3rd parties
– Often coded with “ask forgiveness” mindset and little testing
• Geo-location
• Cross-app linking
– Think mashups
• Twitter feeds -> LinkedIn
• Photo recognition and geo location tracking -> Foursquare x LinkedIn x Facebook x latest favorite app
Factor 3 - Data Quarrying
• Deep tracking is not just science fiction.
• In reality:
– No difference between public and private content
– Online personal and professional content is integrating
– Can harm you and others
• Data and reputation may never “go away”
• Freedom of speech doesn’t mean every thought should be posted (sex-texting)
• Eye-opening reads:
– WSJ series “What They Know”
– Time’s “Data Mining: How Companies Now Know Everything About You”
Illustration by Joe Zeff
Time Magazine
Factor 4 – Increased Attack Surfaces
More
– Users spending time on social media
– Social media apps and sites under constant attack
– Users bringing their own devices
– New hardware, new uses
– Single Sign On and IDs shared across social media
– Widespread use of shortened URL links
Social Media designed for sharing
– Data is mobile & accessible anywhere
– More sites available for targeted attacks and to spread viruses and malware.
What, me? Worry?
Businesses are waking up to social media security issues
• Information leaks
• Intrusions
• Viruses and malware
• Spear Phishing
• Loss of IP, corporate plans, market data, customer data
• Brand Damage
• Fear that employees are wasting time at work
• Span of control issues with employees, customers and rivals
• Fear competitors trolling for info or creating misinformation to discredit the business.
• Liability and laws that differ around the world.
Examples
• Tricking users by friending them and then using them to spread malware
– Easier to social engineer and leverage
– Koobface spread between Facebook and Twitter via social users
– Torpig used Twitter topics to create random domains to send victims to pick up malware and spread it further.
• Fake social media posts and updates from your “friends”
• Social Engineering of business - Competitive Intelligence - RSA SecurID hack used a fake recruitment plan as its entry point
• Defrauding friends and relatives with scams asking for emergency funds
• Massive password thefts from social media sites
Think about - Legal and Regulatory
• Who has legal liability?
• Who has device ownership ?
• Who owns the data content ?
• Who controls access to content ?
– Approval mechanism
– What about censorship ?
• Corporate
• Government
• Rogue system creation and use
– Do you know what is going on in your company?
– Internal vs. Competitors
Think about - User awareness, policy & tools
• Content & security levels ?
Create
View / Read
Edit / Delete
• Community use
Open - anyone
Restricted – limited public use
Private – members only
Think about - User Behavior
Who do you trust ?
Users at work:
- Does social media affect work ?
Internal vs. External Content Use ?
Is Social Media (ever) secure ?
How much security is too much ?
Courtesy Kexino.com
User Tips
Think before you click! Think before you post!
Think twice about giving apps permission to your data
Beware
– shortened URLs
– interactive upgrade requests
– mobile apps and use of geo-location
Use an up-to-date browser
User Tips Continued
Use a unique login and password for every site you use to limit exposure (yep, it's a pain)
Verify domains
– Check that the URL shows a legitimate website and not a fake look-alike site.
Be cautious of messages, emails, links & posts that seem suspicious.
Make sure security is up to date - patches on, anti-virus/spyware, firewalls, monitors & web advisory tools
Question and Answer
Jean Pawluk Consultant and Former Chief Architect, Visa
Social Media Gone Wild
Benefits, Dangers & Information Security and Privacy Policies
Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI
© Rebecca Herold. All rights reserved.
Agenda
• What Is Social Media?
• A Few Social Media Facts
• Benefits...
• But Be Aware Of The Dangers...
• Using Social Media Apps
• Posting Photos and Videos
• Common Risks and Scams
• Topics/Issues to Cover Within Social Media Policies
• What to Tell Workers
What is “social media”?
Just a few examples of the most commonly used types of social media sites:
• Blogs such as TypePad, WordPress, etc.
• Collaboration sites, such as wikis (e.g., Wikipedia, Delicious) and social news (e.g., Digg)
• Livecasting and meeting sites such as Skype, Livestream, etc.
• Microblogs such as Twitter
• Photography and art sharing sites such as Photobucket, Flickr, Picasa, VineMe, etc.
• Presentation sharing sites, such as Scribd, Slideshare, etc.
• Product reviews sites such as Epinions.com, MouthShut.com, etc.
• People reviews sites such as RateMDs.com, Healthgrades.com, etc.
• Social networks such as Facebook, LinkedIn, Google+, Pinterest, etc.
• Video sharing sites such as YouTube, Vimeo, etc.
• Virtual worlds such as Second Life, Maple Story, etc.
A Few Social Media Facts (1/2)
• Twitter has over 555 million users and over 200 million tweets per day
• Facebook has over 901 million users, 50% of which log in daily
• Over 150 million people use LinkedIn
• Google+ has over 170 million users
• Pinterest has over 11.7 million users
• Over 40% of all Internet traffic is video
• YouTube has 107 million unique visitors each month and 10.3 million followers on Twitter
• The number of social media sites is unlimited
A Few Social Media Facts (2/2)
• Everyone is impacted by social media sites
• What happens on social media sites stays online forever
Benefits
• Customer Service
• Knowledge Sharing and Collaboration
• Patient Health Education
• Customer Awareness
• Learning
• Marketing
• New Contacts
• News/World Events
• Patient Care
• Research
• Crisis Management
Dangers
• Damage Reputations
• Leaking Information (e.g., PHI, employee info, etc.)
• Network Slow-Downs and Stand-stills
• Personal Relationships Damaged
• Physical Dangers
• Potentially Be Seen By Everyone
• For frequent hacks
• Spread Malware
• Keyloggers
• Time Bandits
• Used As Evidence in Investigations
• Misinterpreted Information
• Violate Laws
• Result in Civil Lawsuits
Using Apps & Other Software
• Spotify
• Foursquare
• Farmville
• TribeHR
• Etc.
Activities from Personal Networks/Devices
• Don’t post about work
• Don’t post about co-workers
• Don’t post about customers, patients, etc.
• Don’t sync or share files between personally-owned computers and computers/systems
Risks Posting Photos & Videos
• About workplace, patients, customers and co-workers
• Personal photos
• Patient/customer/consumer photos
• Obtaining consent
Common Social Media Risks and Scams
• Spear phishing
• Social engineering
• Spoofing
• Malware
• Keyloggers
• Denial of Service (DoS)
Social Media Policies Topics (1/11)
Appropriate use of social networks (Facebook, LinkedIn, YouTube and Twitter in particular)
• From the networks
• From the company-owned computing devices
• From networks using personally-owned computing devices
• From staff-owned computing devices and/or networks
• From public computers/networks
Social Media Policies Topics (2/11)
Blogging
• Content of posts
• References to co-workers, customers, patients, the business, etc.
Social Media Policies Topics (3/11)
Wikis (e.g., Wikipedia, GeniusWiki, Brainkeeper, Zwiki)
• Those (if any) acceptable to use for business purposes
• Those unacceptable to use for business purposes
• Acceptable activities for the wikis
Social Media Policies Topics (4/11)
Information that should not be posted from any type of location/computer
• PHI, PII, SPI, etc.
• Co-worker information
• Confidential business information
Social Media Policies Topics (5/11)
Marketing requirements/guidelines
• Positions/departments authorized to post
• Types of information acceptable to post
• Type of information that should not be posted
• Do not take personal information from sites to use for business (e.g., marketing, etc.)
Social Media Policies Topics (6/11)
Security controls that need to be in place
• Anti-malware
• Firewalls (including personal firewalls)
• Spam prevention
• DLP
Social Media Policies Topics (7/11)
Time spent on social networks while at work
• Not while with customers or patients
• Only for short periods of time
• Only during breaks
Social Media Policies Topics (8/11)
Linking/friending/etc. with customers, patients and co-workers
• Don’t ask for worker passwords
• Only authorized personnel can participate from accounts established for personnel
• Don’t link/friend/etc. from your personal accounts that list as your employer
• Examples of how to respond to request:
– “Thank you very much for your invitation! However, it is against our policies to link with or friend patients in social network sites.”
Social Media Policies Topics (9/11)
Posting photos & videos
• Patient/customer posting (e.g., that patients/customers want to take with staff)
– Ask that they only post images that include staff with the staff’s knowledge
– Ask that they don’t include others within their images
• Staff posting
– No posting of patient/customer images unless approved by the Privacy Office or with written consent of patient
– No posting of images showing facility entries or other staff unless approved by the Privacy Office
Social Media Policies Topics (10/11)
Reacting to posts about and staff
• Don’t respond directly to negative posts
• Report the negative posts to the PR Office
• Don’t argue, defame, or otherwise act negatively in communications with others online
Social Media Policies Topics (11/11)
Donor searches (e.g., kidney, etc.)
• Only authorized personnel can post messages for such searches
• Only authorized personnel can post replies to posts offering organs
Before Posting Think (1)…
Are you posting anything you, or your friends, family, co-workers, employers, patients or guests don’t want the entire world to see?
– Internet-based social media sites are public, even many that say they are “private”
– Social media sites on “closed” networks have more controls
Before Posting Think (2)…
Do you want that post to be seen forever?
– Once posted on the Internet, information is virtually impossible to remove
– Information posted on internal networks is easier to control
Before Posting Think (3)…
What are the consequences of your posts being used out of context?
– Your Internet posts can be copied, altered, reposted
– Will your hard work be used inappropriately by someone else?
Before Posting Think (4)…
Could your post put you, or your family, friends, co-workers, customers or patients in danger?
– Criminals like to see posts stating when people will be at specific locations, away from their home, etc.
– We are a litigious society
Before Posting Think (5)…
Are you violating any laws?
– Are you violating any healthcare, financial, or other federal, state or international laws?
– Are you committing copyright or licensing infringement with the information you post?
– Are you stating something as fact that really isn’t?
Before Posting Think (6)…
Is your message clear?
– Be sure you are not unintentionally breaking cultural norms or putting out something unintentionally offensive.
– Meet the expectations of company communications for internal sharing.
Remember…
Questions?
Contact Information
Rebecca Herold & Associates, LLC “The Privacy Professor”®
1408 Quail Ridge Avenue
Van Meter, Iowa 50261
Phone 515-996-2199
Web site: www.theprivacyprofessor.com
Blog: www.privacyguidance.com/blog
TwitterID: http://twitter.com/PrivacyProf
Social Media Gone Wild
Using Social Media for Spear Phishing & Advanced Targeted Attacks
Aaron Sheridan, Sr. Security Systems Engineer, FireEye
Social Media Connects Us More Than Ever
(Google image search for “Social Media”)
Social Media Content is Accessed and Updated Constantly
Check out this video!
That post was hilarious!
Advanced Targeted Attacks Using Social Media
Source: http://www.theregister.co.uk/2012/06/20/syrian_skype_trojan/
• Targeting Syrian activists’ Skype accounts
• Latest attack installs Blackshades Trojan masked as video file
• When opened on Windows silently drops a key logger and begins data theft
• Other recent attacks included targeting the YouTube or Twitter credentials of high profile Syrian opposition
• Remote Desktop Viewing, Webcam spying and audio-eavesdropping
Advanced Malware Attack Lifecycle
Poison Ivy Trojan spreading via Skype
Source: http://infosecisland.com/blogview/21340-Skype-Malware-Campaign-Spreading-Poison-Ivy-Trojan.html
Another Example in the News…
The Information Was Used to Craft an Email…
57

Social Media and the Attack on RSA

A very effective way to find targets

Carefully Crafted Email and Attachment

“…an all too real cyber espionage threat.”
Sourced from: http://www.theregister.co.uk/2011/05/27/lockheed_securid_hack_flap/

Social Media Sites Can Be Used To Store Malware

Malware Retrieves .rtf Exploit Stored on Free Blog

How To Prevent Targeted Spear Phishing Emails
• Support large range of file types (PDF, Office formats, ZIP, etc.)
• Attachment analysis
• URL analysis
• Correlates malicious URLs to emails at the CMS
REQUIREMENTS
• Protect against spear phishing and blended attacks
• Analyze all emails for malicious attachments and URLs
• Perform in-line MTA active security or SPAN/BCC for monitoring
• Provide brute-force analysis of all email attachments in VX Engine
• Web MPS integration for malicious URL analysis/blocking
• Web MPS integration for blocking of newly discovered callback channels
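As an added illustration of the attachment and URL analysis requirement above (not FireEye's product logic and not part of the original slides), this Python sketch compares each attachment's leading bytes with the format its file name claims, which catches an executable masked as a video file, and collects body URLs for later lookup. The sample message, addresses, file names and the `triage`/`sniff` helpers are constructed for the example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of common attachment formats (static check only).
MAGIC = {b"MZ": "windows-executable", b"%PDF": "pdf", b"{\\rtf": "rtf",
         b"PK\x03\x04": "zip-container", b"\xd0\xcf\x11\xe0": "ole2-office"}
# Format each extension is expected to contain; media types map to "unknown"
# because none of the signatures above should ever appear in them.
EXPECTED = {".pdf": "pdf", ".rtf": "rtf", ".zip": "zip-container",
            ".docx": "zip-container", ".doc": "ole2-office",
            ".avi": "unknown", ".mp4": "unknown", ".wmv": "unknown"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def sniff(data):
    """Return the format name implied by the first bytes of an attachment."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def triage(raw):
    """Return (mismatched attachments, sorted body URLs) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings, urls = [], set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name:
            kind = sniff(part.get_payload(decode=True) or b"")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            # Flag content that contradicts the name, e.g. a PE file named .avi
            if ext in EXPECTED and EXPECTED[ext] != kind:
                findings.append((name, kind))
        elif part.get_content_maintype() == "text":
            urls.update(URL_RE.findall(part.get_content()))
    return findings, sorted(urls)

def sample_message():
    """Constructed test message: a PE header named as video, plus a PDF header."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.test", "analyst@example.test"
    m["Subject"] = "footage"
    m.set_content("Clip attached, notes at http://blog.example.test/notes.rtf\n")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="video",
                     subtype="x-msvideo", filename="rally_footage.avi")
    m.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application",
                     subtype="pdf", filename="agenda.pdf")
    return m.as_bytes()
```

A header check like this is only a pre-filter: it says nothing about a well-formed document that carries an exploit, which is the case the slides assign to dynamic analysis in a virtual execution environment.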

The Virtual Execution Engine
PHASE 1: Multi-Protocol Object Capture
PHASE 1: WEB MPS
• Aggressive Capture
• Web Object Filter
PHASE 1: E-MAIL MPS
• Email Attachments
• URL Analysis
PHASE 1: FILE MPS
• Network File Shares
PHASE 1: MAS
• Human Driven via GUI/CLI/SSH
PHASE 2: Virtual Execution Environments (Dynamic Analysis)
Map to Target OS and Applications
DYNAMIC, REAL-TIME ANALYSIS
• Exploit detection
• Malware binary analysis
• Cross-matrix of OS/apps
• Originating URL
• Subsequent URLs
• OS modification report
• C&C protocol descriptors
Feedback Loop
Targeted Threat Intelligence

The Malware Protection System
• Pace of advanced targeted attacks is accelerating, affecting all verticals and all segments
• Traditional defenses (NGFW, IPS, AV, and gateways) no longer stop these attacks
• Real-time, integrated, signature-less solution is required across Web, email and file attack vectors
• Advanced threat protection to supplement traditional defenses and stop advanced targeted attacks
Complete Protection Against Advanced Targeted Attacks
Web Malware Protection System
Malware Protection System
File Malware Protection System
Register for a free threat assessment at: www.fireeye.com/stopthreats

5 Criteria for Advanced Threat Protection
1. Dynamic, signature-less engine to detect & block zero-day and targeted inbound attacks (as used by APT actors, crimeware actors, and Hacktivists)
2. Real-time protection to stop data exfiltration
3. Integrated, cross-protocol Web & Email inbound infection and outbound callback protection
4. Accurate, no tuning, and very low false positive rate
5. Global malware intelligence for sharing threat indicators to block zero-day malware & latest callback channels

Open Panel with Audience Q&A
• Jean Pawluk - Consultant and Former Chief Architect, Visa
• Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI
• Aaron Sheridan - Senior Systems Security Engineer at FireEye Technologies, Inc.

Closing Remarks
Online Meetings Made Easy
Thank you to Citrix for donating this Webcast service
Thank you to our Sponsor

CPE Credit
• Within 24 hours of the conclusion of this webcast, you will receive a link via email to a post Web Conference quiz.
• After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits.