<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>White Papers Archive | Fortress SRM</title>
	<atom:link href="https://fortresssrm.com/white-papers/feed/" rel="self" type="application/rss+xml" />
	<link>https://fortresssrm.com/white-papers/</link>
	<description>Full-Spectrum Cybersecurity Protection</description>
	<lastBuildDate>Thu, 15 Feb 2024 20:39:13 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.1</generator>

<image>
	<url>https://fortresssrm.com/wp-content/uploads/2021/05/cropped-FORT_Favicon-32x32.png</url>
	<title>White Papers Archive | Fortress SRM</title>
	<link>https://fortresssrm.com/white-papers/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Fortifying Your Brand &#8211; The Essential Guide to Enterprise Social Media Security</title>
		<link>https://fortresssrm.com/white_papers/fortifying-your-brand/</link>
		
		<dc:creator><![CDATA[kclark@fortresssrm.com]]></dc:creator>
		<pubDate>Thu, 15 Feb 2024 20:37:19 +0000</pubDate>
				<category><![CDATA[Incident Prevention]]></category>
		<category><![CDATA[Threat & Security Updates]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?post_type=white_papers&#038;p=1337</guid>

					<description><![CDATA[<p>By: Will Hudec, Director of Security Consulting, Fortress Security Risk Management In the digital age, the security of corporate social media accounts is not just an IT concern, but a ...</p>
<p>The post <a href="https://fortresssrm.com/white_papers/fortifying-your-brand/">Fortifying Your Brand &#8211; The Essential Guide to Enterprise Social Media Security</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex">
<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<p><strong>By: Will Hudec, Director of Security Consulting, Fortress Security Risk Management</strong></p>
</div>
</div>



<p>In the digital age, the security of corporate social media accounts is not just an IT concern, but a strategic imperative that directly impacts brand reputation, customer trust, and potentially, a company&#8217;s bottom line.</p>



<p>Social media platforms, while essential for marketing and customer engagement, are also attractive targets for cybercriminals. A breach can lead to unauthorized posts, resulting in reputational damage, loss of sensitive data, and even financial consequences, as seen in high-profile cases like the SEC X account hack earlier this year.</p>



<p>To mitigate these risks, companies should adopt a comprehensive approach to social media security. This includes the use of strong, unique passwords, enabling two-factor authentication, and limiting account access to a select group of trusted employees. Regular monitoring of account activity can help detect any unusual behavior indicative of a breach.</p>



<p>Furthermore, companies should establish a well-defined social media policy, conduct regular security training for employees, and have an incident response plan in place. The use of dedicated emails for social media accounts and secure connections for account access can provide additional layers of security.</p>



<p>Finally, the use of social media management tools that offer robust security features, such as Hootsuite or Sprout Social, can help streamline the process of securing multiple accounts across different platforms.</p>



<p>In conclusion, securing corporate social media accounts should be a top priority for businesses in today&#8217;s interconnected world. By implementing these best practices, companies can protect their digital presence, maintain customer trust, and safeguard their reputation.</p>



<p><strong>Threat Landscape Update</strong></p>



<p>As society becomes more interconnected, a growing concern has emerged regarding the deliberate targeting of social media accounts by threat actors. These malicious entities, ranging from cybercriminals to state-sponsored hackers, recognize the strategic value of infiltrating and manipulating organizations&#8217; online presence. The compromise of social media accounts not only poses a direct threat to data security but also jeopardizes brand reputation, customer trust, and overall organizational stability. Below, you will find recent instances where this occurred:</p>



<ul class="wp-block-list">
<li>Mandiant X Account (<a href="https://www.bleepingcomputer.com/news/security/mandiants-account-on-x-hacked-to-push-cryptocurrency-scam/">Mandiant’s account on X hacked to push cryptocurrency scam (bleepingcomputer.com)</a>)
<ul class="wp-block-list">
<li>The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked on January 3rd to impersonate the Phantom crypto wallet and share a cryptocurrency scam.</li>
<li>After getting control, the attacker renamed it to @phantomsolw and promoted a fake website impersonating the Phantom crypto wallet and promising to distribute free $PHNTM tokens as part of an airdrop.</li>
<li>The attacker then attempted to drain the targets’ cryptocurrency wallets by having them install a malicious app through the phishing link in the post.</li>
</ul>
</li>



<li>SEC X Account (<a href="https://www.bleepingcomputer.com/news/security/us-secs-x-account-hacked-to-announce-fake-bitcoin-etf-approval/">US SEC’s X account hacked to announce fake Bitcoin ETF approval (bleepingcomputer.com)</a>)
<ul class="wp-block-list">
<li>The X account for the U.S. Securities and Exchange Commission was hacked on January 9th to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges.</li>
<li>&#8220;Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges,&#8221; read the fake X post.</li>
<li>The news quickly spread, with many cryptocurrency and mainstream news sites covering the story and Bitcoin prices briefly spiking.</li>
<li>The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account.</li>
</ul>
</li>



<li>The Associated Press Twitter Hack (2013) (<a href="https://www.bloomberg.com/news/articles/2013-04-23/dow-jones-drops-recovers-after-false-report-on-ap-twitter-page">AP Twitter Account Hacked in Market-Moving Attack &#8211; Bloomberg</a>)
<ul class="wp-block-list">
<li>In April 2013, the Twitter account of The Associated Press (AP) was hacked after a phishing attack.</li>
<li>The attackers posted a false tweet claiming that there had been two explosions at the White House and that the President was injured.</li>
<li>This tweet caused a temporary stock market dip, wiping out $136 billion in equity market value.</li>
<li>The AP quickly regained control and clarified the situation, but the incident highlighted the potential for significant real-world consequences from social media account breaches.</li>
</ul>
</li>
</ul>



<p><strong>Social Media Account Security Best Practices</strong></p>



<p>Securing corporate social media accounts is crucial to protect the company&#8217;s reputation, customer trust, and sensitive information. Here are some best practices for securing these accounts against attacks or compromise:</p>



<ul class="wp-block-list">
<li>Strong Passwords: Use complex passwords that include a mix of letters, numbers, and special characters. Avoid using easily guessable information like company name or &#8220;password.&#8221;</li>



<li>Two-Factor Authentication (2FA): Enable 2FA for an additional layer of security. This requires a second form of verification, such as a text message or an authentication app, to access the account.</li>



<li>Dedicated Email: Use a dedicated email address for social media accounts that is not used for other purposes and is not publicly known.</li>



<li>Limited Access: Only grant access to the social media accounts to a select group of trusted employees. Use roles and permissions features to limit what each user can do within the account.</li>



<li>Regular Monitoring: Regularly monitor the accounts for unusual activity. This includes checking for unauthorized posts, messages, or changes to the account details.</li>



<li>Security Training: Train all employees with access to social media accounts on security best practices and how to recognize phishing attempts and other social engineering attacks.</li>
</ul>



<ul class="wp-block-list">
<li>Social Media Policy: Establish a corporate social media policy that outlines acceptable use, who can post, and the process for responding to security incidents.</li>



<li>Update and Patch: Ensure that any software used for social media management is kept up to date with the latest security patches and updates.</li>



<li>Revoke Access: When an employee with access to the social media accounts leaves the company, immediately revoke their access.</li>



<li>Use of Secure Connections: Always access social media accounts from secure connections. Avoid public Wi-Fi and consider using VPNs.</li>



<li>Incident Response Plan: Have an incident response plan in place that includes steps to take if a social media account is compromised.</li>



<li>Regular Password Changes: Change passwords regularly, and especially after any suspicion of unusual activity.</li>



<li>Verification: Verify the account with the social media platform, if possible, as this can add credibility and sometimes provides additional security features.</li>



<li>Backup Contacts: Keep a backup list of contacts and account recovery information in a secure location.</li>



<li>Audit Trails: Use social media management tools that provide audit trails to track who posts what content.</li>
</ul>



<p>By implementing these best practices, companies can significantly reduce the risk of their social media accounts being compromised.</p>



<p><strong>Appendix</strong></p>



<p>Social Media Management Tools</p>



<p>Social media management tools can help provide security controls and audit capabilities to further help protect corporate social media accounts. Below you will find some examples and features that are focused on keeping these accounts secure. (Note – Fortress does not advocate or formally endorse these platforms)</p>



<p>When choosing a social media management tool, consider the specific needs of your organization, including the number of accounts you need to manage, the size of your team, and your specific security requirements. It&#8217;s also a good practice to take advantage of free trials to test out the features and ensure they meet your expectations before committing to a subscription.</p>



<ul class="wp-block-list">
<li>Hootsuite: Offers comprehensive monitoring across multiple social media platforms and includes features like secure logins, permission levels, and the ability to approve posts before they go live.</li>



<li>Sprout Social: Provides strong security measures, including custom user roles and permissions, audit trails, and secure profile management.</li>



<li>Buffer: Known for its ease of use, Buffer also offers features like two-factor authentication and the ability to easily add or remove team members.</li>



<li>Agorapulse: Includes a unified social inbox for monitoring messages and comments, as well as features for team collaboration and access control.</li>



<li>Sendible: Offers custom workflows for team members, which can help with securing the approval process for content, and also includes two-factor authentication.</li>



<li>CoSchedule: Alongside its scheduling and marketing calendar functionalities, CoSchedule provides team management features to control access and permissions.</li>



<li>Oktopost: Designed for B2B companies, Oktopost focuses on lead generation and includes features for securely managing and monitoring social media activity.</li>



<li>Crowdfire: A simpler tool that&#8217;s good for smaller businesses, Crowdfire still includes security features like access controls and secure posting.</li>



<li>Zoho Social: Part of the Zoho suite of business tools, Zoho Social includes role-based access, two-factor authentication, and activity logs.</li>



<li>SocialPilot: Offers features like a social media calendar, bulk scheduling, and team collaboration, with security measures such as access control and secure login.</li>
</ul>



<p><strong>About Fortress Security Risk Management:</strong> <br>Fortress Security Risk Management protects companies from the financial, operational, and emotional trauma of cybercrime by enhancing the performance of their people, processes, and technology.</p>



<p>Offering a robust, co-managed solution to enhance an internal IT team’s capability and capacity, Fortress Security Risk Management features a full suite of managed security services (24/7/365 U.S. based monitoring, cyber hygiene (managed patching), endpoint detection and response (EDR), and air-gapped and immutable cloud backups) plus specialized services like Cybersecurity-as-a-Service, Incident Response including disaster recovery &amp; remediation, M&amp;A cyber due diligence, GRC advisory, identity &amp; access management, threat intelligence, vulnerability assessments, and technical testing. With headquarters in Cleveland, Fortress supports companies with both domestic and international operations.</p>



<p>In Case of Emergency:<br><strong>Cyber Attack Hotline: 888-207-0123 | Report an Attack: IR911.com</strong></p>



<p>For Preventative and Emergency Resources, please visit: <br><a href="https://ransomwareclock.org/" target="_blank" rel="noreferrer noopener"><strong>RansomwareClock.org</strong></a></p>
<p>The post <a href="https://fortresssrm.com/white_papers/fortifying-your-brand/">Fortifying Your Brand &#8211; The Essential Guide to Enterprise Social Media Security</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Bolstering U.S. Critical Infrastructure Protection (CIP) Against Cyber-attacks: The Importance of the TSA Aviation Industry Announcement</title>
		<link>https://fortresssrm.com/white_papers/bolstering-us-critical-infrastructure-protection-tsa-aviation/</link>
		
		<dc:creator><![CDATA[kclark@fortresssrm.com]]></dc:creator>
		<pubDate>Mon, 22 May 2023 17:13:50 +0000</pubDate>
				<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?post_type=white_papers&#038;p=1200</guid>

					<description><![CDATA[<p>By: Chuck Mackey, Director of Cybersecurity Consulting, Fortress Security Risk Management It’s a sad and dangerous fact: cyber-attacks on airports and airlines are increasing in frequency, sophistication, and severity. Here ...</p>
<p>The post <a href="https://fortresssrm.com/white_papers/bolstering-us-critical-infrastructure-protection-tsa-aviation/">Bolstering U.S. Critical Infrastructure Protection (CIP) Against Cyber-attacks: The Importance of the TSA Aviation Industry Announcement</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex">
<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<p><strong>By: Chuck Mackey, Director of Cybersecurity Consulting, Fortress Security Risk Management</strong></p>
</div>
</div>



<p>It’s a sad and dangerous fact: cyber-attacks on airports and airlines are increasing in frequency, sophistication, and severity. Here is a small, recent sample:</p>



<ul class="wp-block-list">
<li>The South Carolina Department of Revenue reported a cyber-attack that impacted several airports in the state, including Charleston International Airport and Greenville-Spartanburg International Airport.</li>



<li>Kansas Department of Transportation reported a cyber-attack that affected the computer systems at Wichita Eisenhower National Airport and three other airports in the state.</li>



<li>The Metropolitan Nashville Airport Authority reported a cyber-attack that impacted its website and other computer systems.</li>



<li>The Port of Seattle reported a cyber-attack that affected its email system and caused flight delays at Seattle-Tacoma International Airport.</li>
</ul>



<p>There are over 19,500 airports in the United States, including public, private, and military, according to the Federal Aviation Administration (FAA).<sup>1</sup> The FAA directs over 45,000 commercial flights per day throughout the U.S. To suggest that aviation security—physical and digital—is important is a dramatic understatement.</p>



<p>Aviation is a powerhouse contributor to economic growth, contributing over $3.5 trillion to worldwide Gross Domestic Product (GDP). Employment is estimated at 65 million globally. Aviation provides military protection, transports freight, supports tourism, and delivers health and humanitarian aid to all parts of the world. It is safe to say global economies would grind to a halt without aviation; many of us experienced this during the early months of COVID.</p>



<p>Knowing this, how does a country, let alone a community, deal with the real threats to aviation? Cyber-attacks, along with a list of man-made and natural causes, directly impact people’s ability to move freely about the country.</p>



<p>The U.S. created the framework and the cross-collaboration mechanisms to work with the private sector to address the most pressing security and business continuity issues that face aviation specifically and transportation in general. This white paper reviews the national approach to aviation safety within the sixteen identified critical infrastructure sectors, and provides insight into the framework and into what Fortress Security Risk Management envisions as the most appropriate security measures for aviation safety.</p>



<p><strong>Background</strong></p>



<p>Critical Infrastructure Protection (CIP) was recognized as a U.S. national priority in 1998 by then-President Bill Clinton through Executive Order 13010, which established the Commission on Critical Infrastructure Protection. The governing written document is the National Infrastructure Protection Plan (NIPP).</p>



<p>A key objective of NIPP emphasized the creation of partnerships between government (federal, state, local) and the private sector. Today there are sixteen (16) critical infrastructure sectors as identified and focused on by the Cybersecurity &amp; Infrastructure Security Agency (CISA).<sup>2</sup> Beyond CIP, CISA developed and published the CISA 2023-2025 Strategic Plan.<sup>3</sup></p>



<p><strong>Transportation</strong></p>



<p>The Transportation Systems Sector (TSS) has always been a CIP priority sector. DHS<sup>4</sup> and the Department of Transportation<sup>5</sup> are formally designated as co-sector risk management agencies for transportation. The sector includes Aviation, Highway and Motor Carriers, Maritime, Mass Transit and Passenger Rail, Pipeline Systems, Freight Rail, and Postal and Shipping. It is evident that transportation has far-reaching ramifications for citizens, communities, and other key stakeholders both nationally and internationally.</p>



<p>Within TSS are resources and working groups that enable transparency, accountability, and the framework for advancing the mission and objectives of the TSS CIP. To safeguard the nation’s transportation infrastructure, this framework centers on threat identification and protection concerning acts of terrorism, natural disasters, and cyberattacks.</p>



<p>At a high level, the most relevant TSS CIP principles are:</p>



<ol class="wp-block-list" type="1" start="1">
<li><strong>Risk assessment:</strong> A risk assessment is conducted to identify the potential risks and vulnerabilities of the transportation infrastructure. This helps to determine the appropriate measures to mitigate and prevent these risks.</li>



<li><strong>Coordination and collaboration:</strong> Emphasize the importance of coordination and collaboration between federal, state, and local agencies and the private sector, to enhance the security of transportation infrastructure.</li>



<li><strong>Physical security:</strong> The need for physical security measures, such as physical access control, perimeter security, and surveillance systems, to protect critical transportation infrastructure.</li>



<li><strong>Cybersecurity:</strong> Recognize the expanding threat landscape of cyber-attacks on transportation infrastructure and to prioritize the need for robust cybersecurity measures to prevent, detect, and respond to these attacks.</li>



<li><strong>Emergency preparedness:</strong> The importance of emergency preparedness and response planning to ensure that transportation infrastructure can continue to operate in the event of a crisis.</li>



<li><strong>Training and education:</strong> Addressing the importance of training and education programs to enhance the skills and capabilities of transportation industry personnel to identify and respond to threats, and to create awareness for the user population of transportation services.</li>



<li><strong>Continuity of operations:</strong> Continuity of operations planning to ensure that critical transportation infrastructure can continue to operate during and after a crisis.</li>
</ol>



<p><strong>TSA Amends Cybersecurity Programs for TSA-regulated Airports and Airport Operations</strong></p>



<p>Earlier this March, in direct response to increasingly persistent cyber-centric threats, TSA issued an amendment to the cybersecurity protection programs for airports and airport operations to bolster cybersecurity measures, protect against infrastructure disruption, and proactively assess the current-state efficacy of their cybersecurity compensating controls. This follows closely on similar measures issued in October 2022 to passenger and freight rail carriers.</p>



<p>David Pekoske, TSA Administrator, said, “This amendment to the aviation security program extends similar performance-based requirements that currently apply to other (TSS CIS).”</p>



<p><strong>Fortress Security Risk Management Analysis</strong></p>



<p>A key requirement for the aviation industry is to implement stronger cybersecurity measures to protect against specific cyber threats and attacks, including ransomware attacks, phishing attempts, and other malicious activities. This includes implementing advanced security protocols, such as multi-factor authentication (MFA), data encryption, and real-time threat monitoring and response.</p>



<p>Aviation industry stakeholders must establish a robust Incident Response plan that outlines the necessary steps to take in the event of a cyber-attack. This includes having clear lines of communication and coordination between all relevant stakeholders, including airline operators, airports, government, legal, and law enforcement agencies, as necessary.</p>



<p>In further research, we found aviation industry experts are saying this amendment is long overdue and should have been something airports and operations have been doing for years.</p>



<p>Emphasis on aviation is a direct result of the aggressive focus by the current White House Administration on cybersecurity.</p>



<p>Substantiated through our work with various TSS organizations, including airports and over-the-road carriers, Fortress Security Risk Management sees the following compensating controls as must-haves to meet minimum conditions set out by this new amended agenda:</p>



<ul class="wp-block-list">
<li><strong>Develop Network Segmentation Policies and Controls: </strong>Airlines and airports are responsible for the continued operation of safe services in the event their information systems have been hacked.</li>



<li><strong>Create Access Control Measures:</strong> Mandate the implementation of technologies and cyber best practices that ensure only those that are supposed to have access to information systems are properly authenticated and authorized.</li>



<li><strong>Implement Continuous Monitoring and Detection Policies and Procedures</strong>: Airlines and airports are responsible for making sure they update and implement the proper tools and procedures that enable them to “defend, detect, and respond” to cyber-attacks.</li>



<li><strong>Cyber Hygiene:</strong> The required implementation of software patches and updates to be monitored and implemented in a “timely manner using a risk-based methodology.”</li>



<li><strong>Device Security:</strong> Calls for the implementation of proven Endpoint Detection and Response (EDR), using bona fide behavior-based detection systems that go beyond simple anti-virus tools.</li>



<li><strong>Maturity and Capability:</strong> Proactive, ongoing assessment measured against an established framework<sup>6</sup> (NIST, ISO, CIS, etc.)</li>
</ul>






<p><strong>About Fortress:</strong><br>Fortress Security Risk Management protects companies from the financial, operational, and emotional trauma of cybercrime by enhancing the performance of their people, processes, and technology.</p>



<p>Offering a robust, co-managed solution to enhance an internal IT team’s capability and capacity, Fortress Security Risk Management features a full suite of managed security services (24/7/365 U.S. based monitoring, cyber hygiene (managed patching), endpoint detection and response (EDR), and air-gapped and immutable cloud backups) plus specialized services like Cybersecurity-as-a-Service, Incident Response including disaster recovery &amp; remediation, M&amp;A cyber due diligence, GRC advisory, identity &amp; access management, threat intelligence, vulnerability assessments, and technical testing. With headquarters in Cleveland, Fortress supports companies with both domestic and international operations.</p>



<p>In Case of Emergency:<br><strong>Cyber Attack Hotline: 888-207-0123 | Report an Attack: IR911.com</strong></p>



<p>For Preventative and Emergency Resources, please visit:<br><a href="https://ransomwareclock.org/" target="_blank" rel="noreferrer noopener"><strong>RansomwareClock.org</strong></a></p>



<div style="height:29px" aria-hidden="true" class="wp-block-spacer"></div>



<p><sup>1</sup>FAA: The Federal Aviation Administration (FAA) is the largest transportation agency of the U.S. government and regulates all aspects of civil aviation in the country as well as over surrounding international waters.</p>



<p><sup>2</sup>CISA: <a href="https://www.cisa.gov/">Home Page | CISA</a></p>



<p><sup>3</sup>CISA Strategic Plan: <a href="https://www.cisa.gov/resources-tools/resources/2023-2025-strategic-plan">2023-2025 Strategic Plan | CISA</a></p>



<p><sup>4</sup>Department of Homeland Security: <a href="https://www.dhs.gov/">Home | Homeland Security (dhs.gov)</a> </p>



<p><sup>5</sup>Department of Transportation: <a href="https://www.transportation.gov/">Department of Transportation</a></p>



<p><sup>6</sup>Security Framework: A defined approach to understanding an organization’s current risk profile and establishing a plan of action and roadmap for remediation.</p>



<p>The post <a href="https://fortresssrm.com/white_papers/bolstering-us-critical-infrastructure-protection-tsa-aviation/">Bolstering U.S. Critical Infrastructure Protection (CIP) Against Cyber-attacks: The Importance of the TSA Aviation Industry Announcement</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Living off the Land: How Threat Actors are Leveraging Remote Management Tools in Cyber Attacks</title>
		<link>https://fortresssrm.com/white_papers/living-off-the-land-how-threat-actors-are-leveraging-remote-management-tools/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Thu, 11 May 2023 17:45:35 +0000</pubDate>
				<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?post_type=white_papers&#038;p=1187</guid>

					<description><![CDATA[<p>By: Will Hudec, Director, Incident Response, Fortress Security Risk Management In cybersecurity, the term &#8220;living off the land&#8221; refers to a type of attack technique that enables an attacker to ...</p>
<p>The post <a href="https://fortresssrm.com/white_papers/living-off-the-land-how-threat-actors-are-leveraging-remote-management-tools/">Living off the Land: How Threat Actors are Leveraging Remote Management Tools in Cyber Attacks</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex">
<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<p><strong>By: Will Hudec, Director, Incident Response, Fortress Security Risk Management</strong></p>
</div>
</div>



<p>In cybersecurity, the term &#8220;living off the land&#8221; refers to a type of attack technique that enables an attacker to evade security software detection while blending into the victim’s network, using legitimate tools and utilities that are already installed on the target system instead of using malicious software. Some examples of tools that can be used for &#8220;living off the land&#8221; attacks include PowerShell, Remote Management Tools, Windows Management Instrumentation (WMI), and Remote Desktop Protocol (RDP). This attack technique has become increasingly popular among cybercriminals and state-sponsored hacking groups.</p>



<p>Remote management tools are software programs that allow remote control and management of a device or network. They are widely used in IT environments as they offer many benefits such as reduced costs, increased productivity, and better efficiency. However, remote management tools also present a significant security risk as threat actors can exploit them to conduct sophisticated malicious activities.</p>



<p>A CrowdStrike analysis of the threat landscape and adversary universe revealed that 6 in 10 detections (62%) indexed by the CrowdStrike Security Cloud in the final quarter of 2021 were malware-free. Instead, adversaries were leveraging legitimate credentials and built-in tools — a hallmark of living off the land attacks — to advance the attack path. CISA (Cybersecurity and Infrastructure Security Agency) issued a <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-025a">joint advisory</a> earlier this year warning organizations of the increase in this threat.</p>



<p>Threat actors use remote management tools for various insidious purposes, such as:</p>



<ol class="wp-block-list" type="1" start="1">
<li><strong>Gaining unauthorized access to a system</strong>. Threat actors can use remote management tools to gain access to a system without needing to physically be in the same location as the targeted device. This is particularly useful for threat actors who operate from a different country or region than their target.</li>



<li><strong>Evading detection</strong>. Remote management tools are legitimate software programs that are commonly used in IT environments, making it difficult for security software to detect their use. This makes it easier for threat actors to remain undetected while conducting their malicious activities.</li>



<li><strong>Persistence</strong>. Threat actors can use remote management tools to establish persistence on a system. By installing an agent that reports to infrastructure they control, often a portable executable that needs no administrator rights, they keep a working backdoor and can maintain access to the system even if other malware is detected and removed.</li>



<li><strong>Moving laterally</strong>. Remote management tools can be used to move laterally within a network. Once access has been gained to one device, threat actors can use remote management tools to move to other devices within the same network.</li>
</ol>



<p>Recent “Living off the Land” examples:</p>



<p><strong>SolarWinds</strong></p>



<p>In the SolarWinds supply chain attack, discovered in December 2020, threat actors compromised the build process for SolarWinds&#8217; Orion platform, an IT monitoring and management product used by thousands of organizations, and inserted a backdoor (SUNBURST) into signed Orion updates. Because the trojanized updates were delivered through the vendor’s legitimate update channel, the backdoor reached roughly 18,000 customers, including U.S. government agencies, and gave the attackers a trusted foothold from which to move laterally within the networks of the victims they selected for follow-on activity.</p>



<p><strong>Colonial Pipeline</strong></p>



<p>The attackers gained access to this major U.S. pipeline operator’s network through a virtual private network (VPN) account that was no longer in active use but had never been disabled, using a password that had been exposed in a batch of leaked credentials on the dark web; the account was not protected by multi-factor authentication. Using a remote management tool, they moved laterally within the network and installed ransomware on various systems, leading to a shutdown of the pipeline and a fuel shortage in the Southeastern United States.</p>



<p><strong>Conclusion</strong></p>



<p>Remote management tools offer threat actors an easy and effective way to gain unauthorized access to a system, evade detection, establish persistence, and move laterally within a network, and their abuse is a growing and dangerous trend.</p>



<p>As hybrid and remote work becomes more prevalent, the use of remote management tools is likely to increase, and organizations need to take the necessary steps to secure these tools to thwart attacks. This includes implementing multi-factor authentication, limiting access to remote management tools, and monitoring their use for suspicious activity.</p>



<p>There are several actions that organizations can take now to mitigate the risk of attacks that utilize remote management tools:</p>



<ol class="wp-block-list" type="1" start="1">
<li><strong>Limit access to remote management tools</strong>. Organizations should maintain an inventory of the remote management products they have approved, block the rest (for example with application control), and grant access to the approved tools only to authorized personnel who require them for their job functions. This reduces the risk of unauthorized access and misuse of the tools.</li>



<li><strong>Implement multi-factor authentication</strong>. Organizations should require multi-factor authentication for remote management tools. This can help prevent unauthorized access even if an attacker has obtained a valid username and password.</li>



<li><strong>Remove local admin rights</strong>. Users should not be able to install applications, including remote management agents, without proper approval and oversight, and removing local administrator rights enforces this. Pair this with Microsoft LAPS, which gives each machine a unique, regularly rotated local administrator password, so that a local admin credential harvested on one device cannot be reused to move to others.</li>



<li><strong>Monitor remote management tool activity</strong>. Organizations should monitor the use of remote management tools for suspicious activity, such as logins from unexpected accounts or locations, sessions outside normal working hours, remote management executables that are not on the approved list or that run from user-writable folders such as Downloads, and unusual commands issued through the tool.</li>



<li><strong>Keep remote management tools updated</strong>. Organizations should ensure that remote management tools are updated to the latest version and patches. This can help reduce the risk of known vulnerabilities being exploited by threat actors.</li>



<li><strong>Conduct regular security assessments</strong>. Organizations should conduct regular security assessments to identify vulnerabilities in their networks and systems. This can help identify any potential weaknesses that threat actors may exploit.</li>



<li><strong>Implement network segmentation</strong>. Organizations should implement network segmentation to limit the lateral movement of threat actors within the network. This can help prevent an attacker from moving laterally within the network and accessing sensitive data or systems.</li>



<li><strong>Train employees on cybersecurity best practices</strong>. Organizations should train their employees on cybersecurity best practices, such as how to recognize and report suspicious activity, how to create strong passwords, and how to identify phishing emails. This can help reduce the risk of human error leading to a successful attack.</li>
</ol>
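<p>The following is an added example, not Fortress tooling or code from the original paper, of how the “limit access” and “monitor activity” recommendations above can be turned into a concrete check. It runs over constructed process-creation events (fields modelled on Sysmon Event ID 1 / Windows Event 4688) and flags remote management binaries that are not on the organization’s approved list, are run by accounts outside the support team, run outside business hours, or launch from a user-writable path. The executable names, approved product, operator account, and business hours are assumptions chosen for illustration; replace them with your own inventory.</p>

```python
"""Flag unapproved or anomalous remote management tool (RMM) activity.

Added example, not from the original paper. All events below are constructed;
executable names and policy values are assumptions for illustration.
"""
import json
from dataclasses import dataclass
from datetime import datetime, time
from pathlib import PureWindowsPath

# Executable names of common RMM products (assumed; extend from your inventory).
RMM_BINARIES = {
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ScreenConnect",
    "screenconnect.windowsclient.exe": "ScreenConnect",
    "ateraagent.exe": "Atera",
    "srmanager.exe": "Splashtop",
}

# Paths where IT-managed software lives; anything else is treated as a
# user-writable location, i.e. a likely portable/unmanaged install.
MANAGED_PREFIXES = ("c:\\program files", "c:\\windows")


@dataclass
class Policy:
    approved_products: set      # RMM products IT has sanctioned
    operator_accounts: set      # accounts allowed to run them
    business_hours: tuple = (time(7, 0), time(19, 0))


@dataclass
class Finding:
    host: str
    user: str
    product: str
    reasons: list


def load_events(jsonl: str) -> list:
    """Parse one JSON object per line into a list of event dicts."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def analyze(events: list, policy: Policy) -> list:
    """Return a Finding for every RMM launch that violates the policy."""
    operators = {u.lower() for u in policy.operator_accounts}
    start, end = policy.business_hours
    findings = []
    for ev in events:
        image = ev["image"]
        product = RMM_BINARIES.get(PureWindowsPath(image).name.lower())
        if product is None:
            continue  # not an RMM binary we track
        reasons = []
        if product not in policy.approved_products:
            reasons.append(f"unapproved RMM product {product}")
        if ev["user"].lower() not in operators:
            reasons.append(f"run by non-operator account {ev['user']}")
        ts = datetime.fromisoformat(ev["timestamp"])
        if not start <= ts.time() <= end:
            reasons.append(f"outside business hours ({ts.time():%H:%M})")
        if not image.lower().startswith(MANAGED_PREFIXES):
            reasons.append(f"launched from user-writable path {image}")
        if reasons:
            findings.append(Finding(ev["host"], ev["user"], product, reasons))
    return findings


# Constructed sample events (raw string so JSON sees "\\" and yields one backslash).
SAMPLE_EVENTS = r"""
{"timestamp": "2023-03-14T10:12:03", "host": "WKS-0142", "user": "CORP\\helpdesk-svc", "image": "C:\\Program Files (x86)\\ScreenConnect Client\\ScreenConnect.ClientService.exe"}
{"timestamp": "2023-03-14T23:41:19", "host": "WKS-0142", "user": "CORP\\jsmith", "image": "C:\\Users\\jsmith\\Downloads\\AnyDesk.exe"}
{"timestamp": "2023-03-14T11:05:44", "host": "FS-01", "user": "CORP\\helpdesk-svc", "image": "C:\\Program Files\\TeamViewer\\TeamViewer.exe"}
{"timestamp": "2023-03-14T14:30:00", "host": "WKS-0077", "user": "CORP\\jdoe", "image": "C:\\Windows\\System32\\notepad.exe"}
"""

# Assumed policy: only ScreenConnect is sanctioned, only the helpdesk account runs it.
DEFAULT_POLICY = Policy(
    approved_products={"ScreenConnect"},
    operator_accounts={"CORP\\helpdesk-svc"},
)

if __name__ == "__main__":
    for f in analyze(load_events(SAMPLE_EVENTS), DEFAULT_POLICY):
        print(f"{f.host} {f.user} {f.product}: " + "; ".join(f.reasons))
```

<p>Run against the sample, the sanctioned ScreenConnect session and the notepad launch produce nothing, the TeamViewer launch is flagged only as an unapproved product, and the AnyDesk launch from a Downloads folder at 23:41 by a non-operator account is flagged on all four counts, which is the pattern the CISA advisory describes for portable RMM executables. In production the events would come from your EDR or SIEM rather than an inline string, and the approved list should be the same one your application-control policy enforces.</p>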



<p>By implementing these recommendations, organizations can reduce the risk of attacks that utilize remote management tools and better protect their networks and systems. It is important for organizations to stay vigilant and proactive in their cybersecurity efforts to stay ahead of evolving threats and prevent the bad guys from “living off the land.”</p>



<p>If you’d like to have a confidential conversation with one of our cybersecurity experts to improve your cyber safety, we’re here to help.</p>



<p><strong>About Fortress:</strong>&nbsp;<br>Fortress Security Risk Management protects companies&nbsp;from the financial, operational, and emotional trauma of&nbsp;cybercrime by&nbsp;enhancing&nbsp;the performance of their people, processes, and technology.&nbsp;&nbsp;</p>



<p>Offering a robust, co-managed solution to enhance an internal IT team’s capability and capacity, Fortress Security Risk Management features a full suite of managed security services (24/7/365 U.S. based monitoring, cyber hygiene (managed patching),&nbsp; endpoint detection and response (EDR), and air-gapped and immutable cloud backups) plus specialized services like Cybersecurity-as-a-Service, Incident Response including disaster recovery &amp; remediation, M&amp;A cyber due diligence, GRC advisory, identity &amp; access management, threat intelligence, vulnerability assessments, and technical testing.&nbsp;With headquarters in Cleveland, Fortress supports companies with both domestic and international operations.&nbsp;</p>



<p>In Case of Emergency:&nbsp;<br><strong>Cyber Attack Hotline: 888-207-0123 | Report an Attack: IR911.com&nbsp;&nbsp;</strong></p>



<p>For Preventative and Emergency Resources, please visit:&nbsp;<br><a href="https://ransomwareclock.org/" target="_blank" rel="noreferrer noopener"><strong>RansomwareClock.org</strong></a></p>
<p>The post <a href="https://fortresssrm.com/white_papers/living-off-the-land-how-threat-actors-are-leveraging-remote-management-tools/">Living off the Land: How Threat Actors are Leveraging Remote Management Tools in Cyber Attacks</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
