In-Depth
New Year, New Threats: The Emerging Security Risks of Social Networking
Completely blocking access to social networking sites or online communities is not necessarily the only -- or the best way -- to stop these threats before they affect your business. The answer may lie in educating your workforce.
By Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services
For years, businesses have been skeptical about allowing employee access to social networking for security and productivity reasons, but more recently that attitude has shifted to one of acceptance. More companies are allowing employees some access to social networks as they identify their utility in the workplace. As more businesses incorporate these technologies into their work environment, the security risks still exist and, in some cases, increase.
MessageLabs Intelligence predicts that in 2011, social networking -- from microblogging to online gaming -- will continue to be a pervasive threat and will be exploited by cybercriminals in new and different ways. Because these tools are popular and familiar, many users let their guard down, publicizing personal and professional information that may put critical data at risk.
We can expect online criminals to continue to scrutinize social networking environments for as long as they can profit from unsuspecting users who fall for their scams. MessageLabs Intelligence expects three major trends to unfold this year, all driven by social networking.
The Truth behind Short URLs
Shortened URLs are popping up everywhere from social networking sites to e-mail messages and are now commonly accepted as links to relevant, valuable, and sought-after information regardless of the fact that the real URL is disguised.
This year, MessageLabs Intelligence saw several exploits using URL shortening services to point to compromised Web sites. URL shortening services provide a springboard for spammers and malware distributors who hide malicious content behind seemingly legitimate links. Short URLs provide a landing page for spam domains by directing people to a reputable link, then bouncing to the malicious Web site. Online criminals don’t need to register or create an account to use them, which makes them extremely easy to use without leaving a trail.
The use of shortened URLs in spam e-mail messages became increasingly popular during 2010. At its peak in 2009 (on July 28), 9.3 percent of spam comprised of a shortened hyperlink, compared with 18 percent on April 30, 2010, the current historical peak.
The trend shows no signs of slowing down: the volume of spam containing short URLs has also increased. Shortened URLS appeared in 23.4 billion spam e-mails at their peak in May 2010.
The year ahead will bring more sophisticated attacks using URL shortening services. As criminals continue to fine-tune their techniques, it’s likely that cyber criminals will gain control of a significant URL shortening service, compromising the content that originates from it. Criminal groups are expected to set up a service that operates in a legitimate manner before being turned to malicious use. Even occasional, malicious use cloaked within a legitimate service could prove effective and profitable.
Social Gaming Turns an Illegal Profit
Social networking sites and online marketplaces are rolling out their own in-house digital virtual currencies. Popular social networks and gaming sites already have a system of credits in place, where online currency can be spent on a variety of nonexistent objects, valuable only for players of a particular game. These can be anything from power-ups to special items to access for virtual events. Consumer interest in such items is driving a virtual goods economy that could be worth billions of dollars.
Attacks will soon be designed to exploit these new areas for financial fraud, including specialized malware, rogue applications, and phishing attacks. We anticipate that more social networking environments and online marketplaces will move toward adopting this approach to online currency, and that these payment systems will come under prolonged attack.
In 2011, we are likely to see a weakness in one of these systems identified as the target in a mainstream malware attack or phishing scam. These currencies will also be exploited as a means of transferring ill-gotten gains outside of national and international banking rules and anti-laundering regulations.
The more common online credits become, the more likely it is that cybercriminals will be able to convincingly spoof them, tricking unsuspecting gamers for monetary gain.
Trending Topic: Malware
Malware writers are known for tracking the news cycle, using current events and popular culture news as a hook that gives credibility and relevance to their attacks. MessageLabs Intelligence has seen malware that aims to place links to infected pages within the results of a search engine, using black-hat search-engine optimization techniques.
In 2011, the criminals will go beyond traditional techniques, leveraging the popularity of micro-blogging and using trending topics to identify major news items with the most online buzz. Rather than just promoting compromised Web sites through search engine optimization, they will look at popular topics to proactively identify Web sites likely to see higher-than-normal traffic, and seek to compromise those Web sites.
Online criminals will use multiple methods, including monitoring of micro-blogging site topics and search engine hot topic feeds, to track these trending topics. Coupled with an understanding of potential site vulnerabilities, this is a valuable combination of information that can be used to compromise target sites with sufficient speed to exploit expected surges in traffic, increasing a criminal’s chances of success.
Keeping Your Business Safe
Completely blocking access to social networking sites or online communities is not necessarily the only -- or the best way -- to stop these threats before they affect your business. Corporate use of laptops and mobile devices gives employees the flexibility to work remotely, often using the same machine for work as well as play. Educate your workforce of the risks as well as the safe behaviors required when enjoying the benefits of full access to an increasingly social and dangerous Web.
For businesses, it is key to be able to apply the same rules and policies to workers wherever they are located, regardless of which devices they may be using to access the data. Securing Web access for employees while they are in the office is essential, but in 2011, ensuring that the same rules will apply when they are on the road or working from home is critical.
Paul Wood is MessageLabs Intelligence senior analyst at Symantec Hosted Services. Symantec’s MessageLabs Intelligence is a valued source of data and analysis for messaging security issues, trends, and statistics. You can contact the author at pwood@messagelabs.com.