What Is Real-time Social Media Security Monitoring?
Social media security monitoring is exactly what it sounds like: proactively using social media to identify and analyze security threats to an organization. These threats may include anything from negative sentiment identification to explicit threats targeting personnel to phishing attempts.
But real-time social media monitoring is not quite as simple as it sounds. For every solution, there are unforeseen issues. For example, if you have an organization whose name contains a common word or phrase, social media monitoring tools can easily inundate a security team with extremely high volumes of information, most of which is entirely irrelevant.
Thus, understanding the threats that social media may pose can help a team whittle down those irrelevant results and look only at the most relevant information. In addition, developing keyword lists to apply against the organization’s search terms provides reference points for large-scale monitoring and alerting to deliver threat information in real time.
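The filtering described above, as an added example that is not part of the original article or of any vendor's product: posts that match the organization's search term are kept only when they also hit a threat wordlist. The brand name "Summit", the wordlists and the sample posts are all constructed assumptions.

```python
import re

BRAND = "Summit"  # assumed organization name that is also a common word

# Hypothetical wordlists by threat category (constructed, not a vendor's lists).
WORDLISTS = {
    "physical_threat": ["burn down", "shoot", "hurt"],
    "phishing": ["verify your account", "password reset", "login here"],
    "oversharing": ["flying to", "boarding", "checked in at"],
}

# Constructed sample posts; only some of them concern the organization.
POSTS = [
    {"id": 1, "text": "Reached the summit at sunrise, what a view"},
    {"id": 2, "text": "Summit support here, please verify your account at this link"},
    {"id": 3, "text": "Someone should burn down the Summit office"},
    {"id": 4, "text": "Our CEO is flying to Denver for Summit partner day"},
    {"id": 5, "text": "Shooting photos near the summit all weekend"},
    {"id": 6, "text": "Password reset emails are so annoying"},
]


def compile_lists(wordlists):
    """Build one case-insensitive, word-bounded regex per category."""
    return {
        cat: re.compile(r"\b(?:" + "|".join(map(re.escape, terms)) + r")\b", re.I)
        for cat, terms in wordlists.items()
    }


def triage(posts, brand=BRAND, wordlists=WORDLISTS):
    """Return (alerts, dropped): brand mentions that hit a list, and the count that did not."""
    brand_re = re.compile(r"\b" + re.escape(brand) + r"\b", re.I)
    compiled = compile_lists(wordlists)
    alerts, dropped = [], 0
    for post in posts:
        if not brand_re.search(post["text"]):
            continue  # not a search-term match at all
        hits = sorted(c for c, rx in compiled.items() if rx.search(post["text"]))
        if hits:
            alerts.append({"id": post["id"], "categories": hits})
        else:
            dropped += 1  # brand word present but no threat context: noise
    return alerts, dropped


if __name__ == "__main__":
    print(triage(POSTS))
```

Word-bounded matching keeps "Shooting photos" from hitting the term "shoot", but it also means inflected forms must be listed explicitly if they should alert.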
Security Threats Posed by Social Media
The social media landscape is vast, and the range of potential threats against a given organization or individual is legion.
Below are the top 5 most common security threats we observe on social media. These threats should be monitored in real-time and must have the fastest Mean Time to Detect (MTTD) and the Mean Time to Resolve (MTTR) possible.
- Reputation – Not all threats are technical, but they are still critical for the security team to be aware of. Individuals or groups may seek to tarnish an organization’s reputation by making comments en masse, a process known as brigading, about that organization’s products, services, or personnel. Thanks to review aggregators and micro blogging platforms, these negative reviews can quickly mushroom into major headaches for an organization that relies on customer trust to produce and maintain its revenue stream.
- Account Hijacking – Even worse than brigading, and possibly even a cause for a brigading campaign, is the prospect of an account hijacking, which occurs when a threat actor takes over a social media account and uses it for malicious means, whether using the account to tarnish the organization’s reputation or to conduct other sorts of unseemly online activities. Although account hijacking is relatively simple to recover from, the damage done may have lasting impacts detrimental to the organization.
- Oversharing – One of the greatest dangers presented by avid social media users, especially those who leave their location settings turned on, is that they unwittingly (and sometimes fully wittingly) share details about their locations, plans, and other information that shouldn’t be made public, allowing potential adversaries to track them or giving those adversaries an opportunity.
- Impersonations – Whereas account hijackings require the use of legitimate login credentials, impersonations do not, and therefore are much more dangerous. Impersonations occur when a threat actor pretends to be an individual or an organization, often seeking to tarnish a reputation, cause general chaos and confusion, or set up an angler phishing campaign.
- Surveillance – Thus far, all of the threats mentioned have been active, but the open-source intelligence threat targeting the individuals and personnel associated with an organization is just as important, despite its relative passiveness. Surveillance seeks to identify individuals and their roles in order to set up and launch spear phishing and whaling campaigns. For more information about how threat actors conduct OSINT campaigns against individuals and organizations, see Online Footprinting: Target Selection and Phishing Expeditions.
- Phishing – Finally, and perhaps most dangerous of all, is social media phishing, which often involves using a malicious link to distribute malware, spam, or other threats against an individual’s computer. Surveillance can identify individuals for a targeted campaign, but social media phishing will ensnare unwitting individuals. This is very common when an angler phishing campaign spoofs a customer support account and intercepts customer queries.
This is only a description of the threats presented by social media in the broadest of terms. Within each category are multiple subcategories and further aspects to consider when attempting to prepare defenses against each threat type, and there are plenty of other security concerns that social media poses to its users.
Security Keyword Lists Built With AI
One of the most difficult aspects of social media monitoring is understanding how to properly configure word lists and apply those lists to a search. Developing synonym lists for all the various threats that may target your organization is a time-consuming process that is highly difficult to fully implement properly. Then, when considering all of the different facets of threat types that may appear across the social media landscape, the task becomes even more daunting.
With DigitalStakeout Scout, this work is already done. DigitalStakeout Scout has several pre-configured wordlists along with the option to build custom lists. Simply apply the wordlist filter against your search terms and the results only show what is most relevant to you and your organization. What makes these word lists powerful is that they are built by deep learning algorithms to provide the proper filtering you need to prevent a blind spot.
Real-time Alerting of Security Threats
DigitalStakeout also provides the option of configuring a monitor to deliver real-time alerts, so that your security team can rest assured that if a threat does develop, they will be the first to know. With these alerts, if an executive happens to share information about his upcoming business trip, the executive protection team can identify this information in real time and have it removed before its appearance online has an opportunity to harm the organization or its personnel. If a threat actor creates a fake support account and starts angler phishing customers, the cyber security team can be alerted that an unauthorized account is engaging with customers. The team can take immediate action to take down the fake account and the corresponding domains used in the attack. For more advanced security teams, complex alerts can be consumed into an existing security stack with a REST API for further orchestration.
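One way a team could detect the fake support account scenario above, shown as an added example that is not DigitalStakeout's code or API: compare the handles of accounts replying to customers against an allowlist of official handles after folding look-alike characters. The handle "summit_support", the fold map, the threshold and the sample replies are constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

OFFICIAL_HANDLES = {"summit_support"}  # assumed allowlist of the organization's real accounts

# Small, constructed map of look-alike substitutions and separators; not exhaustive,
# and it does not cover cross-script homoglyphs.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": "", "-": "", ".": ""})

# Constructed sample: accounts seen replying to customer questions.
REPLIES = [
    {"author": "summit_support", "text": "Happy to help, DM us your order number."},
    {"author": "Summit_Supp0rt", "text": "Sorry to hear that! Confirm your login at the link."},
    {"author": "s\u00fammit.support", "text": "We can fix this, message us your details."},
    {"author": "trail_runner_88", "text": "Same thing happened to me last week."},
]


def skeleton(handle):
    """Reduce a handle to a comparison form: lowercase, accents stripped, look-alikes folded."""
    decomposed = unicodedata.normalize("NFKD", handle.lower())
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return base.translate(FOLD)


def is_lookalike(handle, official=OFFICIAL_HANDLES, threshold=0.85):
    """True when a handle is not official but its skeleton is close to an official one."""
    if handle.lower() in official:
        return False
    s = skeleton(handle)
    return any(SequenceMatcher(None, s, skeleton(o)).ratio() >= threshold for o in official)


def flag_replies(replies, official=OFFICIAL_HANDLES):
    """Return the authors of replies that should raise an impersonation alert."""
    return [r["author"] for r in replies if is_lookalike(r["author"], official)]


if __name__ == "__main__":
    print(flag_replies(REPLIES))
```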
Learn more about how DigitalStakeout Scout can immediately support your real-time security operations needs.