Symantec: Social Network Security Threats Rise As Thieves Target Data

The good news is that your credit card number has less value to attackers today. The bad news is they still want it, and they’ll take your Facebook credentials too.

Inside the latest Symantec Internet Security Threat Report, security researchers reported seeing stolen credit cards going for as little as seven cents. The price varies depending on what country the card is from, but the price point represents a drop off from years past when stolen credit cards were hot commodities in the cyber-underground.

’We believe that there’s always a lot of factors that affect the price -- how good is the credit card, what volume are you buying in, that’s sort of thing -- but we also think...there’s so much supply out there that these guys are being forced to lower their prices in order to attract attention and make sales,’ explained Kevin Haley, director of Symantec Security Response.

While credit cards may have dropped off in value, security researchers have found that user credentials for social networks have increasingly become targets for attackers. During the past year for example, botnets such as Kneber were seen swiping all kinds of login credentials, including user information for sites such as Facebook and hi5.

According to the Symantec report, social networks have become not only a place for friends to reconnect, but also a place for attackers to use social engineering to launch more successful malware and spam campaigns.

’Attackers exploit the profile information available on social networking sites to mount targeted attacks,’ the report states. ’For example, many people list employment details in their profiles, such as the company they work for, the department they work in, other colleagues with profiles, and so on. While this information might seem harmless enough to divulge, it is often a simple task for an attacker to discover a company’s email address protocol (e.g., [email protected]) and, armed with this information along with any other personal information exposed on the victim’s profile, create a convincing ruse to dupe the victim.’

Just how convincing? According to Haley, 73 percent of the shortened URLs Symantec observed that were determined to be malicious were clicked on 11 times or more. This in turn highlights another challenge facing social network security -- determining whether or not to trust the shortened URLs common on sites such as Facebook and Twitter. In the report, Symantec found that 65 percent of the links it found to be malicious during a three-month period were shortened URLs. Addressing the problem, he said, will take the combined efforts of users, security vendors and the social networks themselves, he said.

’I think the interesting analogy may be USB keys,’ he said. ’We know that they’re a tremendously effective propagation method, but if we just say ’no you can’t use them’ that’s just not going to work.’

Like other security vendors, Symantec also noted the growing importance of attack toolkits on the threat landscape. Many of these kits, such as the Phoenix toolkit, used Java exploits one of the appeals of which is that it is a cross-browser, multi-platform technology, Symantec explained. This means that it runs on almost every Web browser and operating system available -- a claim few other technologies can make, according to the report.

Hewlett-Packard’s (HP) Digital Vaccine Labs made a similar finding in a report in the ’2010 Full Year Top Cyber Security Risks Report’ it released Monday.

’All toolkits achieve an amazingly high infection rate, with the highest sometimes over 15%,’ according to the HP report. ’Even the lowest ranked, LuckySploit, achieves a 7.5% infection rate, itself an astoundingly high rate. To draw out a calculation, if the attacker is able to compromise a website that attracts 100,000 visitors a month, then the attacker is able to exploit 7,500 hosts each month.’

’We clearly think that attack toolkits are really driving the exploitation of these vulnerabilities,’ Haley said. ’We’ve seen more zero-days than in the last couple years…and then these zero-days work their way into the more common criminal’s usage through the attack kits.’