“As with any new tool or technology, organizations should take the initiative to learn about its risks and consider the security measures needed before jumping right into more consistent use,” CSC said. In the case of online platforms like Threads, cybercriminals will try to beat you to the punch, so it is crucial for organizations to be aware of their entire domain landscape and take proactive steps to cut off exploits and infringements from the source at the time of registration, CSC wrote.
Malicious URLs and malware downloads
High-profile products draw keen interest from malicious actors, and Threads is no exception, Alexander Applegate, senior threat researcher at DNSFilter, tells CSO. “Threads attracted 100 million users in its first week, displacing ChatGPT to become the fastest application to achieve that mark. During that same week, researchers found 200 million suspicious URLs associated with the tool.”
While the threat is not one that is likely to make its way into the Apple Store’s walled garden, many of the links were false downloads for malware, Applegate says. “The remaining links were taking advantage of the low state of security review for the product and looking to capitalize on user trust to perpetrate scams and to deliver malware via posting on the platform.”
Unintentional and malicious data leakage/exposure
If employees use Threads for official communication or to share sensitive data, there is a risk that the data could be leaked unintentionally. “Even if they are using it for personal conversations, discussions about company projects, strategies, or internal gossip might slip out,” says Guenther.
Threads has a feature for sharing one’s location, and if used carelessly by an employee, it could reveal sensitive or strategic business location data. Likewise, content shared on Threads, like any cloud service, is stored in servers managed by the service provider. Even if encrypted, there’s always a concern about how this data could be used or who might gain access, Guenther adds.
What’s more, Instagram Direct (and by extension, Threads) doesn’t use end-to-end encryption for messages (like signal or WhatsApp) by default. “This means that the content of messages is potentially accessible by Instagram and anyone who can compromise Instagram’s systems,” Guenther says.
