Dear Reader,
In this month’s newsletter, we take a look at social media and the security risks it poses for its users. As a reader of Cybersecurity Magazine, you are surely aware of some social engineering techniques used by malicious actors to attack or abuse your online personas. However, it is important to remember that these techniques keep evolving, and it is essential to stay vigilant at all times.
How social media impacts cybersecurity
To start with, Zac Amos recently wrote a great primer on the security risks social media carries for both businesses and individuals. He outlines five ways in which these platforms can be abused and, importantly, what you can do to make sure yourself and your employees are using them securely.
Leveraging classic social engineering principles
What can go wrong if security best practices are not followed highlights a recent phishing campaign, targeted at Twitter and Discord accounts. Utilizing the classic principles of urgency and intimidation, the attack attempts to trick people to surrender their account credentials to the attackers.
Attackers know how to blend in
Of course, phishing attacks are not limited to just a few platforms. Every popular website can be abused to become the channel for this sort of schemes. And some are particularly difficult to spot. Recently, phishing campaigns have been reported to use fake Facebook pages and Messenger features to lend them credibility and blend in.
Phishing attacks keep evolving
A novel social engineering threat that is likely to become more widespread is that of Artificial Intelligence used to create so-called “Deepfakes”. While most people will have seen this kind of video mimicking celebrities saying something funny, it is really just a matter of time until the same technology is abused for malicious purposes.
Online identities can easily be leaked
Lastly, a recently published piece of research serves as a reminder that there is very little that is anonymous about your online activities. Researchers from the New Jersey Institute of Technology showed that it is possible for malicious actors to determine which public identifiers their victim controls just by making them visit a specially crafted website. This could include email addresses and social media profiles, making it a prime target for data brokers and malicious actors gathering information.
Cybersecurity Magazine Editorial Team
----------------
ETSI's annual flagship event on Cyber Security will be taking place on 3-5 October 2022 in ETSI, Sophia Antipolis, France. ETSI is excited to announce the return to a face-to-face format for the event, scheduled to coincide with the Cyber Security Month 2022
The ETSI Security Conference 2022, running over three days, will debate EU and global cyber security regulation, policy, security innovation and standardization. Each day will have a dedicated theme: • Day 1: Global Regulation and Certification Landscape • Day 2: Security Verticals • Day 3: Technology Day:(Horizontals & Toolboxes
Agenda topics include: 5G, AI, Cyber Security Act (CSA), IoT / Connected Device Security, Post Quantum and Co-ordinated Vulnerability Disclosure (CVD). The detailed agenda should be available in July.
This face-to-face event provides an exceptional opportunity for the security community to come together to exchange with experts, network with peers, and share facts and opinions around the subject of cybersecurity standardization.
-----------------
For our latest video discussion on the security and production systems please see the River Publishers YouTube.
The latest journal articles from River Publishers in all areas of cyber security can be found on the River Publishers website.
https://cybersecurity-magazine.com/
https://www.linkedin.com/showcase/cybersecuritymagazine
@magcybersec
https://www.facebook.com/Cybersecurity-Magazine-100535232117942
