Social Networks Have Proven To Be A Lucrative Hunting Ground For Cybercriminals

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Members of social networks need to be on the alert for malicious e-mail messages after they have proven to be the new breeding ground for cybercriminals.
Facebook and Android smartphones are attracting more attention from malware writers, according to the AVG Community Powered Threat Report Q1 2011. The report says the biggest increase has been in what it calls Facebook PUS (Potentially Unwanted Sites).
Cybercriminals have taken the next step, now scouring social networks for information about prospective targets before launching their attacks. Links to videos with a titles like "OMG, you won’t believe what this teen did on camera" are used to lure people into filling in surveys and can lead to $9.95 per month being billed to their mobile phone accounts. The report says they use click-jacking to dupe victims into telling their Facebook friends that they "like" this video, and that they should try it.
Cybercriminals mined data on social networks before launching highly targeted attacks that let them breach the systems of companies like Epsilon recently. "The social media world has been a huge boondoggle for ...
... bad guys, not just in digging up information about you, but also in the vector of attack," said Stuart McClure, general manager, SVP and CTO of the risk and compliance unit at McAfee. Other problems that crop up in a social networked world include a lack of privacy, and possible weaknesses in the security of the networks themselves. However, businesses that send out items to customers using parcel delivery services are catching on to the interactive power of social networking websites, it has been suggested. A large number of enterprises now engage in two-way communication with shoppers using these tools.

According to Spencer Parker, group product manager at data security firm Websense, most firms were quick to block sites such as Twitter, Facebook and LinkedIn when they started to become popular, but that situation has now changed. "They may be using it for brand awareness as well as their own internal usage. So Facebook is becoming accepted within the business community now," Spencer explained.
The American government is reportedly spending more than $2.4 million on software to create fake identities on social networking sites. The software is an attempt to infiltrate and influence suspected terrorists and extremists overseas, which allows Military users to create multiple personas on the Internet and engage in extended online conversations and communications with suspects.
A spokesman for the US Central Command region, which includes the Middle East, Pakistan and Afghanistan, said that Facebook was not included because the psychological warfare scheme was operating only on overseas social media sites. The software enables an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries.
The program is part of Operation Earnest Voice (OEV), which was first used in Iraq against various forums used by al-Qaeda members and insurgents communicating online. The languages used are Arabic, Urdu and Pashto.
Facebook has introduced a number of security improvements aimed at better safeguarding users' privacy. Although Facebook is moving toward giving end-users additional security controls, is not the biggest security problem facing Facebook. The biggest issue is how end-user data is used by Facebook, their partners, and other third parties -- either with permission or without permission.
Also, it's important to ensure that Facebook itself is adhering to users' wishes in the first place, added Dayman, and not altering the privacy settings without their knowledge. On the other hand, the security industry needs to take Facebook and what it offers in perspective, Robert Siciliano, CEO of IDTheftSecurity.com, told TechNewsWorld.
All of the concerns addressed in Facebook's security update are valid, he said, suggesting that many of its users are not as fundamentalist in their approach to privacy. "While Facebooks security and privacy issues may not be up to others' standards, they are working for its users," said Siciliano. "I don't see a mass exodus because a worm makes its way onto the site.
Online attacks on social networks are very common these days. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the cyber security workforce. EC-Council’s brand new TakeDownCon is a technical information security conference series that serves as a platform for IT security professionals to discuss and exchange views on the latest information security threats as well as remediation strategies. In addition to learning from some of the best security experts, TakeDownCon also offers highly sought after technical training courses, including the Certified Ethical Hacker (CEH) course, often touted as the world’s most comprehensive ethical hacking training program.
The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

ABOUT EC-COUNCIL
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous ethical hacking training, the Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other technical security training programs offered in over 84 countries around the globe. TakeDownCon Dallas 2011, is one of the conferences of EC-Council’s Take Down information security conference series.