SAN FRANCISCO – It’s probably not surprising, but is nonetheless alarming. Sophos’s latest ‘Social Security’ survey, which polls computer users on their experiences of social networking security threats, has found a dramatic increase in malware, phishing and spam transmitted via social networks.
40 percent of social networking users polled said they have been sent malware such as worms via social networking sites, a 90 percent increase since the summer of 2009. Two-thirds (67 percent) say they have been spammed via social networking sites, more than double the proportion less than two years ago. 43 percent have been on the receiving end of phishing attacks, more than double the figure since 2009.
“Rogue applications, clickjacking, survey scams — all unheard of just a couple of years ago, are now popping up on a daily basis on social networks such as Facebook,” said Graham Cluley, senior technology consultant at Sophos.
“Why aren’t Facebook and other social networks doing more to prevent spam and scams in the first place?” Cluley asked. “People need to be very careful they don’t end up being conned for their personal details, or get tricked into clicking on links that could earn money for cybercriminals or infect innocent computers.”
Although results vary across the individual networks of Facebook, Twitter, MySpace and LinkedIn, the latest poll suggests that half of those surveyed have been given unrestricted access to social networks at work. Paradoxically, 59 percent believe employee behavior on social networking sites could endanger corporate network security, and 57 percent worry that colleagues are sharing too much information on social networks.
“Total bans on users accessing social networking sites are becoming rarer, as more firms recognize the value such sites can bring in raising brand awareness and delivering social media marketing campaigns,” explained Cluley. “If your business isn’t on Facebook, but your competitors are, you are going to be at a disadvantage. But you have to be aware of the risks and secure your users while they’re online.”
Although 82 percent of the survey’s respondents felt that Facebook posed the biggest risk to security, Sophos has labeled an attack on the Twitter micro-blogging network as the biggest single social networking security incident of 2010.
The infamous ‘onMouseOver’ Twitter worm hit the Twitter site in September 2010, and spread like wildfire. The cross-site-scripting (XSS) attack demonstrated how quickly a vulnerability on a social network can affect a huge number of users. High-profile victims included ex-Prime Minister’s wife Sarah Brown, Lord Alan Sugar, and even Robert Gibbs, the press secretary to U.S. President Barack Obama.
The most high-profile IT security story of 2010 was the WikiLeaks saga, which saw a number of Distributed Denial-of-Service (DDoS) attacks launched against companies withdrawing support for the controversial whistle-blowing site. There was also the widely reported ‘Stuxnet’ worm, linked with targeting SCADA systems used for industrial applications, including nuclear facilities. These exemplify the development of cybercrime from the initial stages of proof-of-concept and mischievous virus-writing, through financially motivated, organized criminal activity (undoubtedly still the primary threat), to a third, political motivation, a trend predicted to continue.
“Many computer users still don’t realize that you can wind up with something nasty on your machine simply by visiting a website,” continued Cluley. “Over the year, we saw an average of 30,000 new malicious URLs every day — that’s one every two-to-three seconds. More than 70% of these are legitimate websites that have been hacked — this means that businesses and website owners could inadvertently be infecting their patrons unintentionally and without knowledge.”




