NBC News, Steve Wozniak, Sarah Palin - all victims of social media hacks. It goes without saying that the ubiquity of social media apps is creating concern amongst enterprise infosec organizations. This Veracode infographic presents common social media hacks and explores how enterprises can mitigate the security concerns that stem from social media applications.
Infographic by Veracode Application Security
Barack Obama. Fox News. Britney Spears. Facebook. Dalai Lama. Lance Armstrong. What do all those people have in common? They’ve all had their Twitter accounts hacked. Social media is more popular than it’s ever been, and so are viruses, malware and scams. Social media users must be familiar with the basics of security to stay safe.
Definition of Terms
Understanding how to be safe in the social networking environment means knowing the terms and issues users face.
- The Big Four: Facebook, Twitter, LinkedIn, MySpace
- Dozens More: Flickr, Google, Blogger, YouTube, Digg, etc.
- Social media lives “in the cloud,” which is more difficult to protect than traditional networks.
- A system that evolves incrementally and gains momentum as it spreads.
- The more interconnected we get, the more opportunity malware has to pop up.
- The trending popular symbols, phrases and ideas.
- Memes tend to “go viral.”
What is the Risk?
Social media is more than sharing information with friends and followers. It’s now ripe for viruses and attacks. So while social media is fun, there are risks.
- Core distribution of malware is through social media sites.
- Why is social media ripe for malware?
- Easy Access to Data
KoobFace - An example of recent malware on Facebook
- KoobFace is a computer worm
- It uses compromised computers to build a peer-to-peer botnet
- KoobFace sent messages to Facebook users' friends lists
- KoobFace posted messages on Facebook walls so other friends would click
- It was reported that KoobFace generated over $2 million in revenue
- Can defame your brand by hitting your followers
- Further social engineering efforts
- Data disclosure
- Primary point of entry into organization
Malware has a history of infecting Twitter and Facebook. But there are things users can do to minimize their risk.
Timeline of Twitter Attacks
- 4/2007: SMS updates vulnerable
- 8/2008: Trojan download attacks begin
- 2/2009: Clickjacking attacks begin
- 4/2009: XSS worm released
- 4/2009: Internal admin tool hack
- 6/2009: Trending topic abuse begins
- 7/2009: Koobface
- 1/2010: Banned 370 passwords
- 5/2010: Force follow bug
- 9/2010: Mouseover exploits found
- 9/2011: Of top 10 most followed, only 2 have never been hacked
- 9/2011: script_kiddiez rampage
Trending Topics Attack
Hackers watch the Twitter trending topics
- Create or hack an account and send out spam trend messages with virus-laden links
- Users click and … ATTACK!
Protect Your Passwords
- 30% of people have passwords less than 6 characters
- 60% of people have only alpha-numeric passwords
- 50% of people use slang words, names, dictionary words or consecutive digits
- Secret Questions -- easy to figure out
- What does this mean? Passwords are easily hacked!
- How to create a complex password:
- Length: 8+ characters
- Complex: letters, punctuation, symbols, and numbers
- Variation: change passwords often (every 3 months)
- Variety: Don’t use the same password for all your sites
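The checklist above can be turned into an automated audit. The following Python is an added example, not part of the Veracode infographic: it flags the weaknesses the statistics describe (short length, missing character classes, dictionary words or names, consecutive digits) and password reuse across sites. The function names, the tiny word list and the three-digit threshold for "consecutive digits" are assumptions made for illustration.

```python
import string

# Constructed mini word list (assumption); a real audit would load a full dictionary.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "jessica", "qwerty"}

def has_consecutive_digits(pw, run=3):
    """True if pw contains `run` or more ascending or descending digits (123, 987)."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if chunk.isascii() and chunk.isdigit():
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def audit_password(pw):
    """Return the weaknesses from the checklist that pw exhibits (empty list = pass)."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    classes = {
        "letters": any(c.isalpha() for c in pw),
        "numbers": any(c.isdigit() for c in pw),
        "punctuation/symbols": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        findings.append("missing " + ", ".join(missing))
    lowered = pw.lower()
    if any(word in lowered for word in COMMON_WORDS):
        findings.append("contains a dictionary word or name")
    if has_consecutive_digits(pw):
        findings.append("contains consecutive digits")
    return findings

def find_reuse(accounts):
    """Map each password used on more than one site to the sorted list of those sites."""
    by_pw = {}
    for site, pw in accounts.items():
        by_pw.setdefault(pw, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_pw.items() if len(sites) > 1}

if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    sample = {"twitter": "monkey123", "facebook": "monkey123", "linkedin": "t7#Rv!q2Lw"}
    for site, pw in sample.items():
        print(site, audit_password(pw) or "passes the checklist")
    print("reused:", find_reuse(sample))
```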
Top 5 Categories of Facebook Spam
- Stalking -- 35%
- Free stuff / social games (think Farmville dollars) -- 16%
- Shocking Curiosities -- 14%
- Features NOT offered by Facebook (poking) -- 13%
- Games NOT offered by Facebook -- 8%
- Other -- 14%
Modes of Protection
It’s a dangerous world in social networking. Take steps to protect yourself!
Social Media Vendor
- Implement better anomaly protection
- Better warnings and alerts
- Lock accounts
- Analyze shortened links
- Fix passwords and security questions
- Monitor outbound traffic
- Educate employees on Social Media safety and best practices
How YOU Protect Yourself
- Be careful who you friend and follow
- Avoid add-ons
- Don’t assume Twitter and Facebook are scanning for viruses
- Scrutinize Bit.ly links
- Always use the current version of your web browser
- Keep Windows OS and Adobe current
- You’re not safe just because you’re a Mac user
- Be wary of email to you from social networks
You don’t have to avoid all forms of Social Media to be protected. But you do have to be aware of malware and scams. Educate employees as well on Social Media safety and best practices to reduce your company’s risk from costly losses and identity theft.