- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - Social network tools have changed the way we interact in our personal lives and are in the process of transforming our professional lives. Increasingly, they play a significant role in how business gets done. But they're also high risk. With hundreds of millions of users, these tools have attracted attackers more than any other target in recent years.
Here, according to Palo Alto Networks, are the top 10 social network threats/risks that enterprises must consider when developing policies:
1. Social networking worms: Social networking worms include Koobface, which has become, according to researchers, "the largest Web 2.0 botnet." While a multi-faceted threat like Koobface challenges the definition of "worm," it is specifically designed to propagate across social networks (e.g., Facebook, mySpace, Twitter, hi5, Friendster and Bebo), enlist more machines into its botnet, and hijack more accounts to send more spam to enlist more machines. All the while making money with the usual botnet business, including scareware and Russian dating services.
2. Phishing bait: Remember FBAction? The e-mail that lured you to sign into Facebook, hoping you don't pick up on the fbaction.net URL in the browser? Many Facebook users had their accounts compromised, and although it was only a "tiny fraction of a percent," when you realize Facebook has over 350 million users, it's still a significant number. To its credit, Facebook acted quickly, working to blacklist that domain, but lots of copycat efforts ensued (e.g., fbstarter.com). Facebook has since gotten rather adept at Whack-A-Mole.
3. Trojans: Social networks have become a great vector for trojans -- "click here" and you get:
* Zeus -- a potent and popular banking Trojan that has been given new life by social networks. There have been several recent high-profile thefts blamed on Zeus, notably the Duanesburg Central School district in New York State late in 2009.
* URL Zone -- is a similar banking Trojan, but even smarter, it can calculate the value of the victim's accounts to help decide the priority for the thief.
4. Data leaks: Social networks are all about sharing. Unfortunately, many users share a bit too much about the organization -- projects, products, financials, organizational changes, scandals, or other sensitive information. Even spouses sometimes over-share how much their significant other is working late on top-secret project, and a few too many of the details associated with said project. The resulting issues include the embarrassing, the damaging and the legal.
5. Shortened links: People use URL shortening services (e.g., bit.ly and tinyurl) to fit long URLs into tight spaces. They also do a nice job of obfuscating the link so it isn't immediately apparent to victims that they're clicking on a malware install, not a CNN video. These shortened links are easy to use and ubiquitous. Many of the Twitter clients will automatically shorten any link. And folks are used to seeing them.