Personal information unwittingly posted on Facebook is a gold mine for cyber criminals looking to accurately profile an individual as a conduit for a targeted attack.
This is according to Stefan Tanase, senior security researcher at Kaspersky Lab, who will speak at the ITWeb and Kaspersky Lab Social Networking Security Forum 2011, taking place at Southern Sun Grayston in Sandton on 12 April.
Tanase says there is no doubt cyber criminals are using targeted attacks to get deep inside corporate networks.
All the personal information that Facebook users share can be easily collected by cyber criminals with bad intentions, and later used in sophisticated social engineering attacks. “Usually, targeted attacks come with serious consequences like intellectual property theft or corporate espionage,” he says.
“In social engineering attacks, one or more specific employees are targeted via social networks, particularly Facebook.”
Usual tricks
Tanase says the typical social engineering strategy is as effective as it is simple. The attackers use virus aimed at social networks - Facebook in particular - called 'Koobface'.
With the Koobface worm, usually a user receives a link from a 'trusted' contact to say 'they have received a video clip', he explains. “The user is told he or she has to install a specific program/codec/plug-in in order to watch the video.”
“The result of this process is having control over the infected machine. Once this has been reached, anything can happen to that machine.”
The other business strategy used by the Koobface gang is to spread rogue anti-virus products on as many machines as possible, products that require the user to pay an amount of money to supposedly get their machine disinfected, Tanase says.
“Asking a user to pay for a fake product is the most direct method of earning money on the black market that doesn't involve stealing directly from the victim's bank account,” he points out.
Tanase says Facebook is working on defending their users against these attacks, but these efforts are not enough. “The problem is cyber criminals are also keeping up and they are always one step ahead.”
This is why a smart Internet security solution with powerful proactive defence mechanisms that protects the client (the user's computer) rather than the distribution vector (the social network itself) is needed to ensure maximum protection, he points out.
Better than cure
To stay safe, Tanase says businesses should use a fully-featured and up-to-date Internet security solution.
“This should not be based only on signature scanning (blacklist approach), but also on proactive defence modules like heuristics [experience-based techniques for problem-solving] and behavioural analysis of applications.”
Businesses should keep operating systems up-to-date and use the latest browsers. “Examples could be Firefox 3.6, Google Chrome 4, Internet Explorer 8 or Opera 10,” he adds.
Always run the latest versions of Adobe Reader, Flash Player, or other plug-ins used for the Web, he advises.
Education is very important, he notes. Businesses should create and develop a decent level of security awareness throughout the enterprise, especially when it comes to individual users.
Organisations should warn users not to assume that a Web site is safe because it is high-profile. “High-profile Web sites frequently get injected with malicious scripts that deliver exploits,” Tanase says.
He advises users to be wary of any messages from social networks. “The people that users communicate with can be using infected machines, so the messages they are sending might not actually be from them.”
Tanase also warn users to be cautious when opening links in suspicious messages, even if the sender is one of their trusted Facebook friends.
Facebook users should divulge as little personal information as possible and they should not give out their home address, telephone number or other private details, he concludes.
For more information about the event, click here.
Share