
'Social' attacks get personal

By Jacob Nthoiwa, ITWeb journalist.
Johannesburg, 13 Apr 2011

Social networking sites have become a hotbed of cybercrime, with Facebook being the most targeted, its users having received 39% of all malware and spam attacks by the end of last year.

This is according to Stefan Tanase, senior researcher at Kaspersky Labs, speaking at the ITWeb/Kaspersky Lab Social Networking Security Forum 2011, at Southern Sun Grayston in Sandton yesterday.

He said that in recent years, social networking sites have become one of the most popular resources on the Internet, and users must be aware of both the good and the bad aspects brought by these sites.

The number and complexity of threats that exploit social networking platforms continue to grow, he pointed out. “Kaspersky Lab processes more than 70 000 malicious and potentially unwanted programs every day and the total number of malicious programs which were targeting social networks in 2010 alone is over 100 000.”

Tanase pointed out that social networks are opening up new ways for targeted attacks which are localised, contextualised and personalised against individuals.

Modus operandi

He said online criminals are now able to unleash targeted attacks towards organisations through the employees.

Employees subscribed to social networks are sharing so much information on these sites, and they can easily become the point of breach in a targeted attack against the enterprise, he noted.

“All the personal information they share can be easily collected by someone with bad intentions and later be used in sophisticated social engineering attacks. Usually, targeted attacks come with serious consequences, like intellectual property theft or corporate espionage,” he pointed out.

He said such information about current projects, financial situations or future plans can prove to be invaluable for competitors.

“Usually the corporate SNS [social networking site] accounts are being managed by people with good communication skills, not IT skills. The lack of IT security education and strong policies can lead to such an account getting compromised, which will badly damage the image of the entire company.”

When opening up a corporate SNS account, the company instantly starts to communicate with thousands of customers who might or might not have their computers already compromised, he pointed out.

“Such compromised computers can post links to Web pages that distribute malware on the corporate SNS account, thus getting other customers infected. Companies must constantly filter their incoming feed of comments, replies, wall-posts, etc, and remove malicious links.”

Infected computers inside the corporate network are also posing a threat to organisations, he pointed out. “No administrator wants infected computers inside his network. But social networks are opening up new doors for the cyber criminals to launch better crafted attacks.”

Instead of having real security strategies or guidelines on social networks, most businesses block their employees from accessing these Web sites altogether, Tanase said. However, not allowing employees to access social media from work is the classic story of the 'forbidden fruit'.

Safety measures

Facebook users should divulge as little personal information as possible and they should not give out their home address, telephone numbers or other private details, he advised.

So much personal information is becoming public on social networks, he said, explaining that advertisers are already using this information to send out targeted advertisements. “Cyber criminals are also getting on the bandwagon. When launching an attack, they start by profiling the employees before choosing the most vulnerable targets.

“Afterwards, they develop a new and unique malicious program. It does not have to bypass all anti-virus - just the one used by the victim. They then mix the malicious payload with a tailored social engineering strategy and they finally deliver the attack,” he explained.

Education is very important, he noted. Businesses should create and develop a decent level of security awareness throughout the enterprise, especially when it comes to individual users.

Organisations should warn users not to assume that a Web site is safe because it is high-profile. “High-profile Web sites frequently get injected with malicious scripts that deliver exploits,” Tanase said.
