NBC News, Steve Wozniak, Sarah Palin - all victims of social media hacks. It goes without saying that the ubiquity of social media apps is creating concern amongst enterprise infosec organizations. This Veracode infographic presents common social media hacks and explores how enterprises can mitigate the security concerns that stem from social media applications.
Barack Obama. Fox News. Britney Spears. Facebook. Dalai Lama. Lance Armstrong. What do all those people have in common? They’ve all had their Twitter accounts hacked.
As social media grows more popular than ever, so do the viruses, malware and scams that target it. Social media users must be familiar with the basics of security to stay safe.
Definition of Terms
Understanding how to be safe in the social networking environment means knowing the terms and issues users face.
The Big Four: Facebook, Twitter, LinkedIn, MySpace
Dozens More: Flickr, Google, Blogger, YouTube, Digg, etc.
Social media lives “in the cloud,” which is more difficult to protect than traditional networks.
A system that evolves incrementally and gains momentum as it spreads.
The more interconnected we get, the more opportunity malware has to pop up.
The trending popular symbols, phrases and ideas.
Memes tend to “go viral.”
What is the Risk?
Social media is more than sharing information with friends and followers. It’s now ripe for viruses and attacks. So while social media is fun, there are risks.
Social media sites are now a core distribution channel for malware.
Why is social media ripe for malware?
Easy Access to Data
KoobFace - An example of recent malware on Facebook
KoobFace is a computer worm
It uses compromised computers to build a peer-to-peer botnet
KoobFace sent messages to the friends lists of Facebook users
KoobFace posted messages on Facebook walls so other friends would click
It was reported that KoobFace generated over $2 million in revenue
Can defame your brand by hitting your followers
Further social engineering efforts
Primary point of entry into organization
Malware has a history of infecting Twitter and Facebook. But there are things users can do to minimize their risk.
Timeline of Twitter Attacks
4/2007: SMS updates vulnerable
8/2008: Trojan download attacks begin
2/2009: Clickjacking attacks begin
4/2009: XSS worm released
4/2009: Internal admin tool hack
6/2009: Trending topic abuse begins
1/2010: Banned 370 passwords
5/2010: Force follow bug
9/2010: Mouseover exploits found
9/2011: Of top 10 most followed, only 2 have never been hacked
9/2011: script_kiddiez rampage
Trending Topics Attack
Hackers watch the Twitter trending topics
Create or hack an account and send out spam trend messages with virus-laden links
Users click and … ATTACK!
Protect Your Passwords
30% of people have passwords less than 6 characters
60% of people have only alpha-numeric passwords
50% of people use slang words, names, dictionary words or consecutive digits
?? Secret Questions -- easy to figure out
What does this mean? Passwords are easily hacked!
How to create a complex password:
Length: 8+ characters
Complex: letters, punctuation, symbols, and numbers
Variation: change passwords often (every 3 months)
Variety: Don’t use the same password for all your sites
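The password rules above can be turned into a simple policy check. The following is an added example, not code from the infographic or from Veracode; it flags the weaknesses the statistics call out (short, letters-and-digits only, dictionary or slang words, consecutive digits) and uses a small constructed word list in place of a real dictionary.

```python
import string

# Constructed stand-in for a dictionary/slang word list (assumption, not a real list).
COMMON_WORDS = {"password", "welcome", "monkey", "dragon", "letmein", "qwerty", "football"}


def consecutive_digits(pw, run=3):
    """True if pw contains a run of ascending or descending digits (e.g. 123 or 987)."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if chunk.isdigit():
            diffs = {int(chunk[j + 1]) - int(chunk[j]) for j in range(run - 1)}
            if diffs == {1} or diffs == {-1}:
                return True
    return False


def check_password(pw):
    """Return a list of policy findings; an empty list means the password meets the rules.

    Checks: length of 8+, presence of letters, digits and symbols, no dictionary/slang
    words, no consecutive digits. Reuse across sites cannot be judged from one password.
    """
    findings = []
    if len(pw) < 8:
        findings.append("too short: fewer than 8 characters")
    classes = {
        "letters": any(c.isalpha() for c in pw),
        "digits": any(c.isdigit() for c in pw),
        "symbols": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        findings.append("missing character classes: " + ", ".join(missing))
    lowered = pw.lower()
    if any(word in lowered for word in COMMON_WORDS):
        findings.append("contains a dictionary/slang word")
    if consecutive_digits(pw):
        findings.append("contains consecutive digits")
    return findings


if __name__ == "__main__":
    for candidate in ("password123", "abc12", "Tr0ub&dor!x"):
        print(candidate, "->", check_password(candidate) or "OK")
```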
Top 5 Categories of Facebook Spam
Stalking -- 35%
Free stuff / social games (think Farmville dollars) -- 16%
Shocking Curiosities -- 14%
Features NOT offered by Facebook (poking) -- 13%
Games NOT offered by Facebook -- 8%
Other -- 14%
Modes of Protection
It’s a dangerous world in social networking. Take steps to protect yourself!
Social Media Vendor
Implement better anomaly protection
Better warnings and alerts
Analyze shortened links
Fix passwords and security questions
Monitor outbound traffic
Educate employees on Social Media safety and best practices
How YOU Protect Yourself
Be careful who you friend and follow
Don’t assume Twitter and Facebook are scanning for viruses
Scrutinize Bit.ly links
Always use the current version of your web browser
Keep Windows OS and Adobe current
You’re not safe just because you’re a Mac user
Be wary of email to you from social networks
You don’t have to avoid all forms of Social Media to be protected. But you do have to be aware of malware and scams. Educate employees as well on Social Media safety and best practices to reduce your company’s risk from costly losses and identity theft.
Fergal Glynn joined Veracode in 2008. Fergal is currently responsible for lead generation activities including content marketing, blogging, search engine optimization, webinar marketing, social media, and optimizing the marketing and sales funnel. Fergal spent his first two years at Veracode as a Product Manager.