Thursday, June 29, 2023

World Social Media Day: How Threat Actors are Weaponizing Social Media, from Phishing to AI-Powered Deepfakes


The Philippines is one of the most active social media communities worldwide, according to the Digital 2023 report. With 72.5% of the population on social media, Filipinos spend an average of 3 hours and 43 minutes on these channels to keep in touch with family and friends, read news stories, and find content.  As social media continues to exert its influence on everyday lives, it becomes increasingly crucial for Filipinos to remain vigilant regarding the evolving dangers associated with its usage. Recent technological advancements, particularly in the realm of artificial intelligence, have further exacerbated these risks, necessitating heightened awareness and precautionary measures.

With World Social Media Day around the corner, here are three ways social media is putting individuals and organizations at risk.

Social media preys on psychological weakness
Hackers consistently rely on user behavior to provide the openings they need to penetrate network defenses. While some look to exploit unpatched vulnerabilities in a system or network, often the most efficient way to target a business is through social engineering methods that manipulate users into breaching security policies and giving away information that can be used to steal data or launch an attack. 

According to Palo Alto Networks Unit 42’s 2022 Incident Response Report, attackers used phishing, a form of social engineering, 40% of the time to gain initial access to a system. By studying an employee’s social media profile, cybercriminals are able to develop a comprehensive profile of their victim, which they can then use to launch a targeted attack. These attacks appeal to emotions such as fear, curiosity, urgency, and greed and beckon unsuspecting employees to click on a link or attachment, ignoring basic cybersecurity hygiene. And with the Unit 42 Network Threat Trends Research Report finding that 66% of malware is delivered through PDFs, just one erroneous click of the button can lead to disastrous consequences, enabling malicious macros to infiltrate the system.

From catfishing to AI-cultivated deepfakes

Another risk associated with social media is that it involves people establishing connections without necessarily needing to establish authenticity. This requires a leap of faith, which can easily be exploited by threat actors. From identity theft to catfishing, cybercriminals use social media to capture information and content from unsuspecting victims, assume their identities, and commit fraudulent activity. 

But the breadth of ways impersonations or fake identities are being used in the security space is growing. As technological advancements improve the quality, customisability, and accessibility of artificial intelligence-enabled content creation, malicious actors are using this technology to exploit images and videos—often taken from social media platforms—and manipulate them into content that can be used for extortion, harassment, misinformation, and reputational damage. 

When disseminated through social media, convincing fake content—deepfakes—can instantly reach millions. A video altered to make it appear as if a CEO was announcing that profits were down could impact a company’s stock price; similarly, a presidential candidate appearing to confess complicity in a crime could lead to the disruption of an election. Although impersonators don’t necessarily need to be using techniques as advanced as deepfakes to cause havoc, such as the case of a fake account for a US pharma company announced it would be distributing free insulin, causing the company’s stock to plummet.

Malware and ransomware infiltrate the social web

Alongside using social media for intelligence gathering and dissemination, cybercriminals also share malicious links on social media directly. These links, harboring anything from viruses, trojans, spyware, and ransomware, help hackers access devices and networks to steal data and take control of systems. 

Of these formats, ransomware is seeing alarming growth. Philippine organizations were found by Unit 42’s Ransomware and Extortion Report to be severely affected by ransomware, with attacks surging to around 60% in 2022.

As public interest in generative AI grows, malicious actors also use this to their advantage, with ChatGPT-themed lures increasingly being used to spread malware across platforms like Facebook, Instagram, and WhatsApp. Earlier this year, Meta’s security teams uncovered 10 malware families using ChatGPT (and similar themes) to deliver malicious software to users’ devices. In one instance, cybercriminals created malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools, which were then promoted on social media and through sponsored search results to trick people into downloading malware. 

Tackling social media-powered cybercrime 

The above are just a few tools among a wide-ranging toolkit that cybercriminals are using to weaponize social media. And with the number of social media users worldwide predicted to grow to close to 6 billion by 2027, the risk that these platforms pose is unlikely to go away.

So what can organizations do to protect their employees? First and foremost, embedding cybersecurity education within the workplace curriculum and regularly testing the effectiveness of that training is crucial. Many companies incorporate measures like rewarding employees that spot phishing attempts and report them to the security operations team, and they see the value these practices can have for promoting cybersafety. 

On a company level, organizations should prioritize embedding a safety-first culture with a plan in place to manage the inevitability of a cyber incident. Business leaders should constantly be identifying, measuring, and evaluating risks and, where possible, limit access to sensitive information to need-to-know employees. Alongside building a robust defense plan, organizations should also establish a social media policy that sets standards around the organization’s online interactions, imposes consequences for misuse of social media, and mandates cyber awareness training for those directly involved with content publishing. 

Sean Duca, Vice President and Regional Chief Security Officer, Japan & Asia Pacific, said, “Ultimately, everyone has the right to feel safe online. And with the threat of a cyberattack ever-present in our personal and professional spaces, education is key to ensuring our digital identities and our business assets remain protected.”


About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyber threats, so organisations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit

Palo Alto Networks, Cortex, Unit 42, and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

No comments:

Post a Comment