Skip Links

Social networking security threats taken too lightly

Social network threats are on the rise, yet most companies allow unfettered access, Sophos study says

By , Network World
January 20, 2011 01:53 PM ET

Network World - There's a gap between reports of malware generated from social networking sites and the potential threat businesses perceive, according to results of Sophos' s "Security Threat Report 2011".

Facebook photos: Opt-out or tag, you're it

The December 2010 survey says that reports of malware from social networking sites are on the rise. Malware from the sites hit 40% of users, up from 21.2% in April 2009 and 36% in December of 2009. Phishing is also on the rise, reaching 43% of social networking users in December 2010, up from 21% in April 2009 and 30% in December 2009, the report says.

Still, more than half the companies surveyed for the report allow unlimited access to Facebook, Twitter and Linked In, and 59% of businesses surveyed think that employee behavior on social networks could endanger corporate security.

Addressing Facebook's application system, the report notes that any member can write any application - possibly malicious - and install it on their page where it can spread to other users. The problem could be addressed by walling off Facebook and allowing only approved apps or granting users the ability to ban all but vetted apps from their pages.

Of those surveyed only 4.49% opposed walling off the site from any but approved apps, the report says.

The Sophos report recommends that social networks force privacy decisions onto their users by having them determine who would be able to see data they upload to their pages on the sites. "Such an approach would drastically improve the security of potentially sensitive information," the report says.

Privacy is a worry for social-site users, with 16% saying they have quit Facebook over privacy issues and another 30% saying they are highly likely to. Sophos says in the report that taking steps now rather than waiting for laws to define them would increase user trust in the networks.

In another area, the report says that perfectly legitimate Web sites are compromised at a rapid clip. With 30,000 new malicious URLs being found every day and 70% of malicious URLs belonging to hacked legitimate sites, the problem is growing.

The main threat is that these sites perform driveby downloads that compromise the computers used by visitors to the sites. Popular malware seizes files on victim machines and holds them for ransom until users pay to unlock them with passwords, the report says. The lion's share - 39.39% - of sites distributing malicious malware are hosted in the U.S., with France (10%) and Russia (8.72%) coming in second and third.

The report also looked at cyberwarfare. Most of those surveyed by Sophos say that they approve of their own governments spying on other countries using hacking and malware as tools. For 23%, that approval was blanket, but another 40% said it was OK only during wartime. More than half (54%) thought their country wasn't doing enough to protect from Internet attacks, and 40% said they just didn't know.

The report also noted that social engineering continues to prove effective for online criminals, and offered up these 10 warnings for avoiding social engineering that can lead to being victimized on the Internet.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News