Organizations spend billions of dollars on cybersecurity per year, $7.3 billion has been invested in cybersecurity startups over the past five years, and cyber-attacks cause hundreds of billions of dollars in damage annually. We’re not talking about small potatoes, and the question is: What more can be done?
Imagine having the power to harness social media data not only to understand brand sentiment or consumer trends, but also to proactively improve cybersecurity by identifying potential cyber threats before they reach the front door. Analyzing open-source intelligence (OSINT) from various social media platforms with the goal of uncovering cyber threats makes that power a reality.
Just as food bloggers, gamers, gang members and other individuals with common affiliations/interests flock together, our research indicates that those who wish to collectively do harm, including hackers, follow the same pack mentality. This means that by analyzing an individual’s social media accounts we can get a feel for their choice of cereal and favorite coffee as well as their affiliations, the types of content they hyperactively engage with, their intent, and much more.
The Calm Before the Storm
In January 2015 there was a sudden spike in threats against airlines with over 20 threats made in a 2-week period. Unfortunately for Delta Air Lines, many flights were grounded due to bomb threats made via Twitter, which proved to be hoaxes. But while the bomb threats themselves weren’t credible, the individuals making the threats had other goals in mind. Their intent was not to cause physical damage or loss of life, but instead wreak havoc and spur negative PR.
As the threats aimed at Delta flights were occurring, Soteria Intelligence tracked the individuals making the threats and established a connection to hacker groups based on a variety of data points. We came to the conclusion that a cyber-attack was imminent.
There was truly calm before the storm [of negative PR] in that after the threats were made there was a period of 2-3 weeks of silence. Then, through what we believe was some form of social engineering, Delta’s Facebook page was hacked and flooded with phallic images matched with inappropriate commentary.
Delta responded with this tweet:
Using Social Media to Improve Cybersecurity
Through years of research on social media threats, Soteria Intelligence has found that, similar to threats made on social networks before school shootings and ISIS chatter prior to deadly attacks, social media can play a key role in uncovering impending cyber-attacks. It does so by providing actionable intelligence that allows organizations to strengthen security measures and inform employees of potential social engineering schemes before they occur.
Looking at the Delta incident and how it transpired, below is a very elementary graph I put together highlighting how the chatter we discovered led up to a social media threat, then a questionable 3-week period before the cyber-attack occurred.
The moral of the story: Cybersecurity companies must think outside of the box and use social media to gather intelligence that could shed light on potential cyber-attacks in the future. If there are warning signs, they must be identified.
By connecting social media dots, organizations can improve their cybersecurity posture by seeing threats on the horizon before attacks occur.