With about one and a half billion social network users worldwide, those regularly using Facebook, Twitter, LinkedIn, Google +, Pinterest and others, are key targets of cyber criminals. This post examines some of the security threats arising from social networking. Many on the list are interconnected.
An example of a hoax is the Facebook post currently circulating in which it is alleged that Taylor Swift’s iPhone has been hacked. Facebook users are encouraged to click on a link supposedly to view a leaked sex tape:
Another similar Facebook hoax which caught many unsuspecting users was the Facebook Dislike Button hoax. Several different varieties of this hoax within Facebook are reported every month. By clicking on the link in these hoaxes, Facebook users are taken to malicious websites, often containing drive-by downloads.
2. Social engineering
Social engineering techniques capitalise on the trust people have for their social network contacts. An example is the Koobface malware which propagated through Facebook and Twitter. Once it had infected a PC, the malware sent a message to social networking friends of the PC user encouraging them to click on a link. It leveraged the trust that social networking users have of their online friends. When the friends clicked on the link, they were directed to a webpage which installed the malware on their systems.
In another social networking attack, a hacker recently demonstrated how he used LinkedIn to hack into an organisation’s system. The attacker created a false LinkedIn identity posing as an employee of the organisation he wanted to target. He then sent connection invitations to other employees of the organisation. Many employees, thinking the invitation was from a co-worker, accepted the invitation to connect. The attacker then sent these connections a mock beta-test sign up supposedly for a new project. When the employees signed in, the attacker was able to harvest their organisation login details and subsequently use them to gain access to the organisation’s system.
3. Identity theft and data mining
Social networking sites encourage users to enter and share as much data as possible. However this data is exposed to cyber criminals who gather the data to be used for example in a spear phishing attack. The more the cyber criminal knows about his target, the more he is able to tailor the attack, and the greater the likelihood their attack will be successful. Social networks are used for this intelligence gathering by criminals.
4. Authentication credentials
More and more, social networking credentials are used for authenticating users on other websites such as retail sites. Retailers like the ease of use of allowing users to login with their Facebook or Twitter logins. However, the weak authentication for social networking exposes these retailers to fraud.
5. Clickjacking and likejacking attacks
Clickjacking is the term used for describing a click which triggers unintended actions. A clickjacking attack can be used to notify all the social networking connections of someone clicking on a hoax link, thus further propagating the scam. Likejacking is used to trick users to unknowingly triggering a social networking “like”.
6. Shortened urls
Twitter for example, automatically shortens urls in tweets. The danger is that users cannot read the actual destination before clicking on the url. Shortened urls are a technique used to take unsuspecting users to malicious sites such as phishing sites and sites that contain drive-by downloads.
7. Fake messages from the social networking provider
Social networking providers occasionally communicate with their users via email or via message boxes. These messages can be utilised by cyber criminals.
One attack sent emails to victims masquerading as LinkedIn invitation reminders. Users who clicked on the link in this email installed a version of the Zeus malware on their system.
Fake Facebook security messages have been used by cybercriminals to trick users into going to a malicious site.
8. User credential hacking
Both LinkedIn (6.5m credentials stolen) and Twitter (250,000 credentials stolen) have recently been victims of hacking attacks where large numbers of user’s login details were hacked from the social network repository. The danger is larger than simply having one’s social networking login credentials stolen as many users utilise the same credentials for their banking and other sensitive logins.
9. Phishing attacks
Social networking users are a prime target for phishing attacks.
10. Botnet command and control channel
Twitter accounts have been used as the command and control channel for botnets.
With people spending more and more time social networking, the dangers are likely to continue as the platform gains attention from cyber criminals.