Social Networking A Major Security Threat, Cybercriminals Eye Facebook


Social networking sites have become the new go-to attack point for malware, phishing and spam, security vendor Sophos found in its Security Threat Report 2011.

The report, which examines and analyzes cybercrime during 2010 and highlights trends to watch out for this year, revealed that scammers and cyber-criminals have their sights trained on users of social networks like Facebook and Twitter and that the number of social network attacks grew significantly in 2010.

According to Sophos, about 40 percent of the 1,200 social networking users polled have been sent malware, such as worms, via the social networking sites they frequent. That's an increase of about 90 percent since the summer of 2009. Additionally, two thirds of users queried said they have been spammed via a social networking site, which is more than double the proportion of social networking users just two years earlier. And, Sophos found, 43 percent of respondents said they have been on the receiving end of phishing attacks, which is more than double the number from 2009.

The scams that are plaguing social networks were relatively unheard of just a few years ago, according to Richard Wang, manager of SophosLabs U.S. Wang said social networking platforms like Facebook and Twitter are struggling to keep up with the swell of threats as cybercriminals and scammers seek to leverage these new mediums.

"The growth has been huge for the last few years and that's accelerating," Wang said, adding that rogue applications, clickjacking, survey scams and a host of other types of malware are taking advantage of the sheer numbers of social networking users.

According to the study, a good deal of social networking happens in the workplace: 59 percent of survey takers believe social networking behavior could endanger corporate security, and 57 percent worry that colleagues are sharing too much information on social networks. Additionally, 82 percent felt that Facebook posed the biggest risk to security, yet Sophos has identified "onMouseOver," the Twitter-based worm, as the "biggest single social networking security incident of 2010." The onMouseOver worm took out Twitter in September. The worm pummeled users with pop-ups, spam and pornographic tweets and then re-tweeted them to everyone on their contact list.

But social networking wasn't the only thing under fire in 2010, according to Wang.

In 2010, Sophos uncovered 95,000 unique pieces of malware per day, or one every 0.9 seconds. The amount nearly doubled from 2009, when 50,000 unique pieces of malware were found each day. Sophos also found that 30,000 malicious URLs appear daily, or one every two to three seconds, with 70 percent of them on legitimate Web sites. Another increasing threat is fake anti-virus and security variants, which in 2010 saw 500,000 new versions, Wang said.

Overall, the majority of the types of security threats from 2009 to 2010 stayed the same, aside from the higher impact on social networks, Wang said.

"The bulk of the stuff is very much as it's been the past year," he said.

Wang said another up-and-coming area for attackers to exploit is mobility, where malicious software and applications are put into mobile app marketplaces or malicious URLs are sent to devices.

Wang warned that the threat landscape is still a treacherous road, and cautioned users to remain vigilant. He said that despite the arrests and prosecutions of several high-profile cybercrime organizations in the past year and a dramatic decline in e-mail spam toward the end of 2010, security threats are as prevalent now as ever, if not more so.

Sophos' Security Threat Report also comes on the heels of its release of the "Dirty Dozen," the top 12 countries that generate e-mail spam. The U.S. maintained its top spot on the Dirty Dozen this year, and is responsible for nearly one in every five, or 18.83 percent, of all spam e-mail messages sent.