How to secure Twitter accounts against man-in-the-browser attacks

My organization uses Twitter to communicate with customers, so I was concerned by reports of man-in-the-browser attacks affecting Twitter users. Could you explain what attackers are doing and if there is any way to defend against them?

Ask the Expert!

SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)

Social media security is a quickly evolving area of information security. As enterprises increasingly use social media accounts to engage customers and promote brands, attackers will, as they always do, follow enterprise activity and seek to exploit every weakness they can find in the major social media platforms.

In this case, malware authors have quickly figured out how to use compromised Twitter accounts to spread their malware. The most recent Twitter malware used a man-in-the-browser attack to compromise users' local accounts and gain access to Twitter's application programming interfaces (APIs). Once it had API access, the malware posted malicious links from the victim's account. Previous attacks on Twitter took advantage of cross-site scripting vulnerabilities, where a malicious tweet could inject JavaScript and cause the viewing user to retweet the malicious content.

There are several ways to protect your organization's accounts against Twitter-based malware. First and foremost, post links for your Twitter followers that promote security awareness around Twitter usage; Twitter's official security awareness page is the obvious place to start, but organizations such as Forrester also maintain information on better social media security. Beyond user awareness, organizations should ensure that any system or user with access to an enterprise Twitter account works from a secured computer, to minimize the impact if that computer is compromised. Simple steps toward this include making sure users' software is updated to the most recent versions and rolling out security patches from vendors such as Microsoft and Adobe as soon as possible.

As for Twitter-specific security measures, an organization can detect whether its Twitter account has been compromised by downloading a copy of all its tweets and running every posted URL through an anti-malware service to see whether any of the links are malicious. A malicious link is a good indicator that the account was compromised; if so, the organization should delete the malicious tweets and inform its followers that the account was breached, so they know their own systems may be compromised as well. In response to recent attacks on high-profile accounts, Twitter has also enabled two-factor authentication, which further secures Twitter accounts against a range of attacks.
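The detection step described above, as an added example rather than anything from the original column: the script parses a tweet archive, extracts every URL from the tweet text, and checks each link's host against a reputation lookup. The archive entries and the blocklist are constructed sample data, and the `is_malicious` function is an assumed stand-in for the query an organization would make to its anti-malware or URL-reputation service.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample shaped like a tweet archive export (id, created_at, text).
# These are not real tweets or real domains.
SAMPLE_TWEETS_JSON = """
[
  {"id": "1001", "created_at": "2014-03-01T09:00:00Z",
   "text": "Our spring newsletter is out: https://example.com/news/spring"},
  {"id": "1002", "created_at": "2014-03-02T03:14:00Z",
   "text": "lol you have to see this http://malware.example.net/x.php?u=1"},
  {"id": "1003", "created_at": "2014-03-02T03:15:00Z",
   "text": "check it http://MALWARE.EXAMPLE.NET/y and www.example.com"},
  {"id": "1004", "created_at": "2014-03-03T12:00:00Z",
   "text": "Support hours are 9-5 Monday to Friday. No links here."}
]
"""

# Constructed blocklist standing in for the anti-malware / URL-reputation
# service the column recommends. A real deployment queries that service
# instead of consulting this set.
KNOWN_BAD_HOSTS = {"malware.example.net"}

# Matches http(s) links and bare www. links up to the next whitespace or quote.
URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)


def extract_urls(text):
    """Return the URLs found in one tweet, with trailing punctuation removed."""
    urls = []
    for match in URL_RE.finditer(text):
        raw = match.group(0).rstrip(".,;:!?)")
        if raw.lower().startswith("www."):
            raw = "http://" + raw  # give bare www. links a scheme so urlparse works
        urls.append(raw)
    return urls


def host_of(url):
    """Lower-cased hostname of a URL (empty string if it cannot be parsed)."""
    return (urlparse(url).hostname or "").lower()


def is_malicious(url, bad_hosts=KNOWN_BAD_HOSTS):
    """Assumed reputation hook: replace the set lookup with a service query."""
    return host_of(url) in bad_hosts


def scan_archive(archive_json, bad_hosts=KNOWN_BAD_HOSTS):
    """Return (tweet_id, url) for every malicious link in the archive."""
    findings = []
    for tweet in json.loads(archive_json):
        for url in extract_urls(tweet.get("text", "")):
            if is_malicious(url, bad_hosts):
                findings.append((tweet["id"], url))
    return findings


def compromised_tweet_ids(archive_json, bad_hosts=KNOWN_BAD_HOSTS):
    """Distinct ids of tweets carrying a malicious link: the ones to delete."""
    ids = []
    for tweet_id, _ in scan_archive(archive_json, bad_hosts):
        if tweet_id not in ids:
            ids.append(tweet_id)
    return ids


if __name__ == "__main__":
    for tweet_id, url in scan_archive(SAMPLE_TWEETS_JSON):
        print(f"tweet {tweet_id}: flagged {url}")
    print("tweets to delete:", compromised_tweet_ids(SAMPLE_TWEETS_JSON))
```

Matching on the normalised hostname rather than the raw string is what lets the upper-cased link in tweet 1003 be caught alongside the lower-cased one in 1002; the list returned by `compromised_tweet_ids` is the set of tweets the column says should be deleted before followers are notified.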

This was first published in March 2014
