Social Net-Based Attacks Surge in 2010
New survey by security software vendor Sophos finds that most companies still allow employees unfettered access to Facebook, Twitter despite the known security risks.
More than two-thirds of all enterprise employees were spammed through their various social networks in 2010, according to security software vendor Sophos' latest threat report, and four in 10 received some form of malware from Facebook, Twitter or some other similar site.
The figures themselves aren't terribly surprising considering the captive audience -- Facebook alone counts close to 600 million registered users -- hackers have found on social networking sites.
On a weekly if not daily basis, new socially engineered security threats constructed from information culled from users' personal pages and professional affiliations find their way into links or attachments in unsolicited emails or hidden in legitimate websites.
For enterprises, social networks present a vexing Catch 22. More than 75 percent of companies queried in a recent security survey said they had expanded their use of Web 2.0 apps like Facebook and Twitter to expand revenue streams and better interact with their customers, partners and potential new customers.
At the same time, 60 percent of these companies also acknowledged they were victimized by a significant data breach as a result of employees either sharing too much information or accidentally divulging information through these same social networking sites.
While some companies have banned employee access to the likes of Facebook and Twitter -- either through policy, security applications or both -- Sophos' survey found that more than half of the 1,273 companies surveyed let and often encourage workers to visit and participate on these sites.
"Rogue applications, clickjacking, survey scams -- all unheard of just a couple of years ago, are now popping up on a daily basis on social networks such as Facebook," Graham Cluley, senior technology consultant at Sophos, said in the report. "Why arent Facebook and other social networks doing more to prevent spam and scams in the first place?"
"People need to be very careful they dont end up being conned for their personal details, or get tricked into clicking on links that could earn money for cybercriminals or infect innocent computers," he added.
Last year, 95,000 pieces of new malware popped every day, according to Sophos, up from 50,000 new threats a day in 2009.
While many of the social networking-based campaigns are little more than annoying spam scams, creative phishing campaigns designed to steal banking and credit card information tagged 43 percent of social networking users last year, up from 21 percent in 2009.
In September, an "onMouseOver" Twitter worm ravaged thousands of Twitter accounts, redirecting followers to malware-laden pornographic sites and spreading more malicious content throughout the Twitter community.
Eighty-two percent of respondents identified Facebook as the most serious security threat to their data yet the majority still allow employees to continue visiting the site.
"Total bans on users accessing social networking sites are becoming rarer, as more firms recognize the value such sites can bring in raising brand awareness and delivering social media marketing campaigns," Cluley said. "If your business isnt on Facebook, but your competitors are, you are going to be at a disadvantage. But you have to be aware of the risks and secure your users while theyre online."
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.