Social networking security threats taken too lightly

There's a gap between reports of malware generated from social networking sites and the potential threat businesses perceive, according to results of Sophos's "Security Threat Report 2011".

The December 2010 survey says that reports of malware from social networking sites are on the rise. Malware from the sites hit 40% of users, up from 21.2% in April 2009 and 36% in December of 2009. Phishing is also on the rise, reaching 43% of social networking users in December 2010, up from 21% in April 2009 and 30% in December 2009, the report says.

Still, more than half the companies surveyed for the report allow unlimited access to Facebook, Twitter and LinkedIn, and 59% of businesses surveyed think that employee behavior on social networks could endanger corporate security.

Addressing Facebook's application system, the report notes that any member can write any application - possibly malicious - and install it on their page where it can spread to other users. The problem could be addressed by walling off Facebook and allowing only approved apps or granting users the ability to ban all but vetted apps from their pages.

Of those surveyed only 4.49% opposed walling off the site from any but approved apps, the report says.

The Sophos report recommends that social networks force privacy decisions onto their users by having them determine who would be able to see data they upload to their pages on the sites. "Such an approach would drastically improve the security of potentially sensitive information," the report says.

Privacy is a worry for social-site users, with 16% saying they have quit Facebook over privacy issues and another 30% saying they are highly likely to. Sophos says in the report that taking steps now rather than waiting for laws to define them would increase user trust in the networks.

In another area, the report says that perfectly legitimate Web sites are compromised at a rapid clip. With 30,000 new malicious URLs being found every day and 70% of malicious URLs belonging to hacked legitimate sites, the problem is growing.

The main threat is that these sites perform drive-by downloads that compromise the computers used by visitors to the sites. Popular malware seizes files on victim machines and holds them for ransom until users pay to unlock them with passwords, the report says. The lion's share - 39.39% - of sites distributing malware are hosted in the U.S., with France (10%) and Russia (8.72%) coming in second and third.

The report also looked at cyberwarfare. Most of those surveyed by Sophos say that they approve of their own governments spying on other countries using hacking and malware as tools. For 23%, that approval was blanket, but another 40% said it was OK only during wartime. More than half (54%) thought their country wasn't doing enough to protect against Internet attacks, and 40% said they just didn't know.

The report also noted that social engineering continues to prove effective for online criminals, and offered up these 10 warnings for avoiding social engineering that can lead to being victimized on the Internet.

* If an offer sounds too good to be true, it probably is.

* If you can't think of a good reason you were singled out for a windfall, it's probably a scam.

* Don't believe things just because they are stated in e-mail or on Web sites.

* Don't click on alluring links without thinking through the possible consequences.

* Never provide personal or company information unless you are certain of the identity and authority of the person requesting it.

* Never reveal personal and financial information via e-mail or by following links to sites to enter such information.

* If you doubt the legitimacy of e-mail, contact the sender by a separate channel you look up.

* Check URLs of sites you visit to be sure they are the URLs you actually want, not similarly named ones that may be malicious.

* Don't send sensitive information over the Internet if you aren't confident of the site's security.

* Be suspicious of unsolicited phone calls and e-mails seeking information about your business and employees.
