On Wed Dec 12, the McAfee Advanced Threat Research team revealed that hackers had conducted an elaborate infiltration campaign between October and November, which they named "Operation Sharpshooter," after the name of a function in the attack code. The campaign targeted individuals at 87 firms across a broad spectrum of companies globally, including defense, finance, energy, telecommunications, and government organizations. Indicating new levels of sophistication, the McAfee report notes that the campaign "leverages an in-memory implant to download and retrieve a second stage implant which we call Rising Sun - for further exploitation." As the report further indicates, the ultimate goal of the operation is to penetrate security defenses for the purpose of extracting intellectual property.
Image courtesy McAfee Securing Tomorrow blog
The most intriguing discovery was how these cybercriminals approached their targets. Raj Samani, Chief Scientist at McAfee and SafeGuard Cyber Advisor, explained in a recent podcast that bad actors posing as job recruiters for legitimate companies used social media messaging for outreach. After gaining trust, the actors would eventually direct targets to download a document containing a malicious macro. The recruiting companies, job listings, and recruiter profiles all appeared appropriate and realistic. In this attack, social media was the "weakest" link in a chain of vulnerabilities that gave the attackers the opportunity to execute a sophisticated data mining operation.
While CISOs now acknowledge email security is an essential element of a perimeter defense structure, the threat of corporate social media attacks isn't as well managed. In most cases, this is because social media is seen as the purview of marketing departments. Cybercriminals are exploiting this gap with social engineering attacks on professional networks. Simply put, it's easier to hack an individual's trust than a corporate network.
In past blogs, we have discussed numerous cyber threats and topical exploits on social media:
- Malicious attacks - Bad actors target digital assets with direct account takeovers, malware, phishing re-directs, or bot attacks
- Brand Impersonation - Bad actors intent on scamming customers set up fake accounts, divert revenues, and conduct other fraudulent activities, all at the expense of the brand
- Brand & Reputational Damage - Often the target of bad actors for social engineering campaigns or digital sabotage; angry customers intent on revenge, or even innocent posts, can result in brand damage
- VIP Exposure - Often high profile executives are targets of impersonations, spear-phishing (aka whaling), bot attacks, doxxing campaigns, and more
- Data Loss & Data Privacy Risk - Sensitive information accidentally or deliberately leaked can result in IP loss, unauthorized financial disclosures, and privacy violations (PII, GDPR, HIPAA), all of which can result in heavy penalties & litigation exposure
Comprehensive defense means building an ecosystem that secures endpoints, cloud access, and social and digital channels outside the perimeter. CISOs should adopt an end-to-end approach that orchestrates security management systematically for surveillance, threat detection, risk response, and remediation.
The aggressive ambitions and scale of Operation Sharpshooter illustrate the need for companies to proactively build out their cyber security ecosystem to protect against the persistent vulnerabilities in social media and to assure the sovereignty of their digital properties into the future.
Get started by understanding your organization's digital risk profile. SafeGuard Cyber can assist your process with a complimentary digital risk assessment. Contact us today.
July 6, 2020