One of the major aspects of the advanced threats that are getting past “check the box” defenses these days is the level of targeting – these aren’t your grandfather’s worms that are succeeding today. There have been many attacks targeting CXOs that appear to have done research on social media to personalize phishing email and even attack web site content.
Basically the attacks are taking advantage of changes in social norms around sharing information. This may seem to be something new, something driven by social networking, but the reality is that social networking is a symptom of the changes in social norms, not the cause. Heck, the Jerry Springer show debuted 20 years ago and we’ve had people spilling their guts on TV reality shows ever since.
But social network sites do raise the ante because the guts spilled stay spilled and are easily searchable. The web site PleaseRobMe.com had been demonstrating how silly people were in posting “We’re having a great time here in Hawaii away from our unguarded home…” but now The Register reports that for a small fee a home security firm is offering its customers a “Feed Facebook, Tend to Twitter” kind of service – the logical equivalent of putting your lights on a timer.
Of course, if you are tweeting about how great the poi is at the luau at the same time that your security firm is tweeting for you about how you are sitting in your living room petting your Rottweiler and cleaning your shotgun…
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.