Social media platforms have become an integral part of veterinary practices. The platforms have allowed clients to interact with clients, ask queries about services, and even book appointments. Veterinary practices also use social media platforms for marketing and reaching out to potential clients.
However, these platforms have also become a core part of the ransomware playbook, where they are used to profile, launch, threaten and carry out cyberattacks. Below are some of the ways social media can be used to harm your veterinary practice.
Cybercriminals are now using social media to profile their targets. The mode of attack started in 2016 when ransomware known as Ransoc targeted users based on their social media profiles. The ransomware scraped social media accounts and local files of victims in order to tailor customized demands to their victims. The cybercriminal group would also threaten their victims with court action if the amount of ransom they were asking for was not fully paid.
Since then, the use of social media to profile targets by cybercriminals has become sophisticated. Today, cybercriminals are able to collect every detail of their victims before launching an attack. Using social media can also help them narrow down who their victims should be based on their user engagement and how big they believe the veterinary practice is. One of the tools used to achieve the granular level of profiling is the use of advertising campaigns. Almost all social media profiles offer some form of advertising. Cybercriminals use these features to search for all profiles that fall under their target group. They are able to narrow down who they want to target and use the information to launch a ransomware attack.
Unfortunately, due to the sophistication of the research methods used by cybercriminals to profile their victims, most veterinary hospitals are rendered helpless during this phase. These practices do not realize that cybercriminals have been researching them until the last minute when an attack is launched. The demands of ransom made after an attack are also tailored based on their social media profiles, making it hard to escape paying the ransom.
2. Double Extortion
The threat of public exposure is dreaded by almost all victims of ransomware attacks. Cybercriminals know this fact, and in recent years, they have been using social media to expose businesses, organizations and institutions they have attacked. They have also been using social media platforms to expose victims that fail to pay the ransom. In late 2020 a veterinary hospital in South Carolina lost the sale of their hospital due to a social media hack.
Part of the reason why exposure through social media has become popular is due to the negative connotations that the dark web carries. In most cases, when information is leaked using the dark web, only a small group of people know about the leak. However, almost everyone uses social media. This makes it very easy for users and clients of the exposed victims to get wind of the ransomware attack.
Recently, there has also been a trend where Twitter bots are being used to create traction about a ransomware attack. The bots are used to create a fake buzz, direct more traffic to the attack, and try to get into the mainstream news. In October 2021, The National Rifle Association of America (NRA) was attacked by ransomware. The attack, though fairly unremarkable was pushed through the use of Twitter bots, until it become headline-worthy. This was done to ensure that the group paid the maximum amount of ransom that was requested. The attack also highlighted how social media platforms were being used to boost attacks and extort more money.
Today, cybercriminals can set up a new Facebook or Twitter profile with the details of your veterinary practice and reach out to your clients and employees. This is called phishing and can be used to gain access to accounts they are not authorized. The phishing method can also extend to creating a website that looks like your veterinary practice, including the name, attaching it to fake Facebook and Twitter profiles and reaching out to your clients and employees looking to get them to submit their account details. If successful, these cybercriminals can then carry out ransomware attacks using the information they have gained through social media platforms.
4. Malware and session hijacking
Cybercriminals are also able to launch malware using social media platforms that redirect users to websites that are infected with malware. Social media users who are not technically savvy are also easy to manipulate into giving hackers their details, which leads to session hijacking and social media hacking.
These two major problems can also be used against veterinary practices. This is because not all staff who work in these practices are technologically savvy, making it easy for cybercriminals to use social media to target them.
The takeaway for Veterinary Practices
Social media platforms have become a useful tool for veterinary practices looking to connect with their clients and staff. However, in most cases, the cybersecurity threats that these platforms pose are ignored. This creates a window of opportunity that cybercriminals can use to launch attacks.
Training your staff on the proper use of social media can help reduce the chances that these platforms will be used against your practice. Other methods such as two-factor authentication on all your platforms should be considered to avoid hackers from gaining access to your official veterinary practice social media accounts.
Do you need help protecting your hospital from becoming a victim of a social media cyber attack?
Start by downloading our FREE ebook “5 Simple Steps to Protecting your Hospital”. It includes easy, cheap and effective means to start protecting your veterinary hospital from cyber crime.