February 24, 2022 by Delilah Schwartz

Illusions of Engagement: Defending Against Social Media Manipulation

Despite the media spotlight on the dangers posed by politically-motivated social media manipulation to national security and democratic processes, the severity of the threat posed to private businesses through abuse of these platforms is often overlooked. Whether motivated by economic gain or personal vendettas, cybercriminal weaponization of social media against your business can cause devastating damage.

Today’s organizations face unprecedented challenges in battling cyber threats. One important area that requires protection is the company’s social media presence, which promotes and supports the brand. In our recent report “The 5 Levels of Cyber Threat Intelligence Development”, we highlight some of the ways that social media can be manipulated, and the level of cybersecurity response needed to counteract these threats to a firm’s reputation.

Social media has become a growing commodity in business, not just for organizations with a consumer focus, but also for industrial giants that are exclusively B2B. Popularity and trust in an entity are now measured by the number of likes and followers generated on Facebook, Instagram, TikTok and YouTube. The rise of social media has also wholly transformed the political arena: networked communications have overthrown governments, incited social movements and generated widespread concerns of electoral manipulation. Even so, the impact of social media on an organization is likely to vary based on the company’s purpose. For example, a defense corporation tasked with the protection of government secrets is not likely to have as much of a social media presence as a prominent manufacturer or e-commerce merchant. Still, while most of us understand the dangers posed by politically-motivated social media manipulation to national security and democratic processes (through digital propaganda, disinformation, deep-fakes, fake-news and bots), the severity of the threat posed to private businesses is often overlooked. However, the ramifications of social media manipulation campaigns designed to damage private companies can be severe, threatening to impact supply chains, foreign market sales and brand reputation beyond repair.

By employing a mixture of hacked accounts, fake profiles, bots and synthetically-amplified likes, views and comments, threat actors can manufacture false outrage, artificially inflate user engagement, propagate fake-news, slip malicious phishing links into heated social media debates and spread lies designed to damage a brand’s reputation. The tools, techniques and templates for these social media-based cyber attacks are bought and sold on the closed forums and markets of the deep and dark web.

As with all other threats, an organization can respond to this social media assault with a reactive defense or through proactive, preventative action.

Many social media platforms like Instagram, Twitter, and Facebook have themselves taken significant steps to crack down on bogus posts and manufactured “likes” through various security protocols and ‘disclaimers’. While this makes it harder to hack profiles, disseminate believable fake-news or artificially build massive followings, our latest research reveals that skilled threat actors are constantly finding new, more complex ways to beat the system, mixing bots with real user engagement to develop large audiences over time.

On the forums and markets of the deep and dark web, cybercriminals can purchase an abundance of bots and pre-packaged “likes” and “followers” for all major social media platforms, including Instagram, Facebook, Twitter and, more recently, TikTok. In September 2019, a threat actor on a dark web marketplace offered followers, likes, views and fans for a variety of social media platforms, and insisted that the accounts behind the offering were “REAL people not BOTS”.

Figure 1: Threat actor sells “real” followers, likes, views, and fans on dark web marketplace, September 26, 2019.

In June 2020, on a separate dark web marketplace, another threat actor advertised a pre-packaged bundle of 3,000 Twitter likes.

Figure 2: Threat actor sells 3,000 Twitter likes, June 10, 2020.

In this third post from March 2020, another anonymous threat actor advertises an unlimited TikTok “view-bot”, claiming to have amassed a total of 500,000 TikTok views on their personal account by using the bot.

Figure 3: Threat actor advertises unlimited TikTok “view-bot,” March 1, 2020.

In addition to the illicit tools and packages designed to amplify and promote the buyers’ social media accounts, cybercriminal vendors also offer more malicious tools to compromise targeted accounts. One such example is a “report” bot, designed to take down the accounts of the buyers’ targets by mass-reporting the account or its content with HTTPS proxies.

Despite the growing vigilance of social media conglomerates, governments and individuals in combating the plague of social media manipulation, the underground trade in tools, hacks and services targeting social media platforms continues to boom. Whether motivated by political ideology, commercial ends or personal vendettas, threat actors remain dedicated to finding new tools and techniques to evade defensive mechanisms. The best defense against these sophisticated tools and techniques is proactive: harnessing intelligence from the deep and dark web to identify emerging TTPs threatening your organization. Armed with this critical insight, you can stay one step ahead of attackers, preemptively blocking attacks before they can materialize.

For more information about protecting your organization and brand from cyberthreats, see Cybersixgill’s whitepaper, “The 5 Levels of Cyber Threat Intelligence Development,” and our report, “No Filter: Social Media Hacking from the Underground”.
