
Cybercriminals Broaden their Attacks in Social Networks

Posted by OnCourse Staff September 18, 2014 11:15am

Photo Credit: StefanG81

By Buddy Arriola, CISA, MsC

Cybercrime attacks on social networking platforms are listed as one of the Top 10 IT Security Issues for 2014 by SC Magazine for IT Security Professionals.  Wikipedia defines cybercrime as any crime that either uses or targets a computer in the accomplishment of a crime.  Cybercrime attacks are prevalent on popular social and professional networks such as Facebook, Twitter, YouTube and LinkedIn.

Why Do Cybercriminals Target Social Networks?

With the increasing popularity of social media and a significant number of users logging on to social networking sites daily, social networks have become an attractive setting for organizations (both private and public) to promote their products and/or services.  They have also become an ideal target or platform for cybercriminals, for the following reasons:

  • There is a wealth of information on social networks.  Social network users willingly store and post personal and confidential information on popular social and professional networks such as Facebook, Twitter, YouTube and LinkedIn.  Articles, photos, videos, comments, messages, chats and other materials are posted or uploaded daily by social network users to share details of their personal lives.  According to Facebook Statistics, an estimated 3 million messages are sent daily, and an average of 205 photos are uploaded per day.  Moreover, there are an estimated 1.310 billion active Facebook user accounts with personal profiles that include name, birthday, address, and/or phone number.  Other personal information (such as passport number, driver’s license number, Social Security Number, wedding anniversary date, birthday, age, and planned vacation dates) can also be obtained from posted pictures and messages.  Cybercriminals want your personal information either to use it directly in attacks or to trick your friends and contacts into revealing information that is then used in attacks.  They steal people’s personal information and identities so that these can be used to compromise the victims’ computers and accounts (including social network and bank accounts).

  • There are hundreds of millions of unsuspecting users who log on to social networking sites monthly.  Social media users, particularly new and inexperienced ones, are easy prey for criminals.  Facebook alone has an estimated 1.3 billion active users, of which an estimated 900 million log on to their Facebook accounts monthly.  Twitter has 645.7 million users, of which an estimated 310 million log on to their Twitter accounts monthly.  See Table 1 below for ebizmba statistics on other popular social media sites.

 Criminals use social engineering tactics or trickery to obtain or access social network users’ confidential information, or to take control of their accounts, for various reasons including financial gain.  Hackers have a high likelihood of success because there are many new and inexperienced social network users.  Many of these users are unaware of social media risks and so do not even think of the need to protect their personal information.  Others are inexperienced and do not know how to protect their personal information.  There are also others who probably simply do not care to protect their personal information.  Recently, a social network contact posted a photo showing a copy of his driver’s license, passport, Social Security card, and professional ID, plus his email address, simply to transfer the photo from his mobile phone to his computer.  The photo displays his picture, signature, nationality, date of birth, street address, driver’s license number, passport number, Social Security number, and employment details including job title, employer, and work address.  Facebook alone had an estimated 170 million new users in 2013, according to Bloomberg Business Week.  As such, there is a multitude of potentially vulnerable social network user accounts attracting hackers and criminals.

   Table 1. Top 15 Most Popular Social Media sites as of March 2014

Rank | Social Media Site | Estimated Unique Monthly Visitors
1 | Facebook | 900,000,000
2 | Twitter | 310,000,000
3 | LinkedIn | 250,000,000
4 | Pinterest | 150,000,000
5 | Google Plus+ | 120,000,000
6 | Tumblr | 110,000,000
7 | Instagram | 85,000,000
8 | VK | 80,000,000
9 | Flickr | 65,000,000
10 | MySpace | 40,000,000
11 | Tagged | 38,000,000
12 | Ask.fm | 37,000,000
13 | Meetup | 35,000,000
14 | MeetMe | 10,500,000
15 | ClassMates | 10,000,000

 SOURCE: http://www.ebizmba.com/articles/social-networking-websites

Social media has become a vital means of private and public communication.  With hundreds of millions of social network users logging on to their accounts daily, many of them through their mobile phones, social media has become a popular and preferred choice for private and public communication.

There has been an increased reliance on social media for accessing as well as disseminating information: businesses market their products and services; celebrities promote their events or announce changes to them; governments broadcast emergency alerts and public service announcements; and politicians and world leaders express their views or raise campaign funds or funds for charitable causes.  Despite its benefits, social media has become an ideal ground for staging crimes such as bullying.  It is a fast, effective, and efficient way to spread malicious information about targeted individuals, groups and organizations.  Social media has also become a prime target for denial of service attacks by criminals and terrorists, because disruption of a social network service can have a major impact on its users as well as on the national security and financial health of an organization or nation.  According to Hackmageddon, governments and industries were the preferred targets of cyber attackers in 2013, followed by financial institutions.

What are the Popular Social Media Attacks?  

The most dangerous hacks and exploits directed at social networks are identified in the book “Seven Deadliest Social Network Attacks” by Carl Timm and Richard Perez.  It is important to be aware of these attacks in order to recognize them and avoid possible mishaps for individual and business/professional social network users.  This section briefly identifies and discusses the more popular attacks.  Additional information can be obtained from the articles and publications listed in the reference section at the end of this article; reading them is recommended.

  • Social Networking Infrastructure Attack – an attempt to bring down a social network, for example through a Distributed Denial of Service attack.  Such an attack renders a social network site inaccessible for an extended period of time, which can lead to financial loss for businesses that rely on marketing their products through the social network.  Such an attack can also affect national security, as discussed in other sections of this article.
  • Malware Attack – an attempt to gain access to computer systems and personal data, or to disrupt computer systems, by infecting a computer with an application containing malicious code.  An infected computer can be controlled by the attacker for later activities such as tracking your activities, obtaining your bank account information, or taking part in distributed denial of service attacks.
  • Phishing Attack – an attempt to acquire personal information (such as credit card information, bank account information, and usernames and passwords) through trickery and deception.  Phishing attacks are typically delivered through emails and instant messaging, or through applications that appear harmless.
  • Evil Twin Attack – an attempt to obtain personal information and resources by impersonating an individual on a social network.  The evil twin (the impersonating user account) is able to fool the trusted user’s friends and contacts into a big scam.
  • Identity Theft – an attempt to commit a crime by assuming someone else’s identity, such as through the appearance, sound/voice, and smell of a person.
  • Cyberbullying – an attempt to harass, harm, humiliate and/or intimidate someone through the use of technology, such as by posting materials that are harmful, offensive and/or insulting.
  • Physical Threat – an attempt to gain access to an environment through any means, such as by using information obtained on social networks to commit crimes such as robbery, assault or even sex crimes.

How Can You Protect Yourself from Popular Social Media Attacks?

There are safety measures available on the Internet that can be followed to avoid becoming a target or victim of cybercrime while still enjoying the benefits of social media.  These safety measures have one thing in common: be careful of what you share and who you share it with on social networking sites.  Following are some good safety tips from various sources, including the article “How Social Media Networks Facilitate Identity Theft and Fraud” from the Entrepreneurs’ Organization website and the book “Seven Deadliest Social Network Attacks”:

From the Entrepreneurs’ Organization website

  • Never, ever give out your social security number or driver’s license numbers.
  • Watch where you post and what you say, as it can be used against you later.
  • Don’t give out your username and password to third parties.
  • Avoid listing the following information publicly: date of birth, hometown, home address, year of high school or college graduation, primary e-mail address.
  • Minimize the use of personal information on your profiles that may be used for password verification or phishing attacks.
  • Consider unique user names and passwords for each profile.
  • Vary your passwords and change them regularly.
  • Only invite people to your network that you know or have met, as opposed to friends of friends and strangers.
  • For password security verification questions, use a password for all answers (rather than the answer to the specific question, like “What is your mother’s maiden name?”).

From the book “Seven Deadliest Social Network Attacks”

  • Don't click on unknown links.
  • Never open e-mail attachments from people you don't know.
  • Do not accept friends you don't know.
  • Do not use applications you are not familiar with.
  • Ensure you configure your privacy settings.
  • Install and run antivirus software.
  • Keep antivirus software up-to-date with the latest signature updates.
  • All downloaded files should be scanned by antivirus software prior to opening or running them.
  • Install and run antispyware software.
  • Keep the signature files for antispyware software up-to-date.
  • Utilize the most up-to-date patches for your software.
  • Do not use any storage media that has been used in another computer, unless you are certain the computer is free of viruses and will not pass the virus on to your system.
  • Install and run local firewalls on your desktops and laptops.
  • Be aware of existing and emerging threats.
  • When dealing with phishing attacks, the most appropriate action is to take no action.
  • Choose strong passwords.
  • Simply don't accept friend requests from people you do not know.

SUMMARY

In summary, social media networks such as Facebook, Twitter, and LinkedIn have become prime targets for cybercrime.  There is a wealth of information on social networking sites.  Criminals want your personal information and use it to trick you and others into divulging more information in order to perpetrate crimes such as assault, robbery, fraud and identity theft.  Also, there are many new and inexperienced social network users who are easy prey for hackers and criminals.  These users are unaware of the proper privacy settings to protect their personal data.  They are also unfamiliar with social engineering tactics and are easily tricked and convinced to provide personal information or even deposit money into a perpetrator’s bank account.  Lastly, there is an increased reliance on social networking as a vital means of communication.  Hackers and terrorists attack social networks to disrupt an organization’s business or the national security or financial health of a nation.  Hackers also use social networks to disseminate malicious information about targeted groups and/or individuals.  Social media offers a lot of benefits, but you need to be careful of what you share and who you share it with on social networking sites.  It is also important that you understand social media attacks and your attackers, so that you know how to protect and defend yourself and still enjoy the benefits of social media.  There are information security best practices and preventative measures that can be followed for safe social networking.

 

REFERENCES

2013 Cyber Attacks Statistics (Summary), http://hackmageddon.com/2014/01/19/2013-cyber-attacks-statistics-summary/, Paolo Passeri, January 19, 2014

Australian government uses Twitter to broadcast emergency alerts, http://www.futuregov.asia/articles/2013/dec/27/australian-government-users-twitter-broadcast-emer/, Kelly Ng, 27 December 2013

 

Cyber-criminals Increasingly Targeting Attacks on Social Networks, http://www.spamfighter.com/News-17707-Cyber-criminals-Increasingly-Targeting-Attacks-on-Social-Networks.htm, SPAMfighter News - 09-05-2012

Facebook Quiets Skeptics With Audience Growth and Mobile Money, http://www.businessweek.com/articles/2014-01-29/facebook-quiets-skeptics-with-member-growth-and-mobile-money, Brad Stone, January 29, 2014

Facebook Statistics, http://www.statisticbrain.com/facebook-statistics/, Facebook, January 1, 2014

How Social Media Networks Facilitate Identity Theft and Fraud, http://www.eonetwork.org/knowledgebase/specialfeatures/pages/social-media-networks-facilitate-identity-theft-fraud.aspx, Entrepreneurs’ Organization, 2013

ID Theft, Fraud & Victims of Cybercrime, http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud, National Cybersecurity Alliance, 2014

Security Threat Report 2014, www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf

Seven Deadliest Social Network Attacks, http://www.books24x7.com/assetviewer.aspx?bookid=37231&chunkid=548647760&noteMenuToggle=0&leftMenuState=1, Carl Timm and Richard Perez, Syngress Publishing © 2010

Social Media Risks Create an Expanded Role for Internal Audit, http://deloitte.wsj.com/riskandcompliance/2013/08/06/social-media-risks-create-an-expanded-role-for-internal-audit/, Deloitte, April 6, 2013

Top 10 issues in IT security for 2014, http://www.scmagazineuk.com/top-10-issues-in-it-security-for-2014/article/326564/

Top 15 Most Popular Social Networking Sites as of March 2014,  http://www.ebizmba.com/articles/social-networking-websites

Turkey blocks use of Twitter after prime minister attacks social media site, http://www.theguardian.com/world/2014/mar/21/turkey-blocks-twitter-prime-minister, Kevin Rawlinson, The Guardian, Thursday 20 March 2014

Twitter launches alerts for emergency broadcasts, http://www.sfgate.com/technology/article/Twitter-launches-alerts-for-emergency-broadcasts-4843409.php, Benny Evangelista, September 25, 2013

Twitter Statistics, http://www.statisticbrain.com/twitter-statistics/, Twitter, January 1, 2014

Typhoon Haiyan (TyphoonHaiyan) on Twitter, https://twitter.com/TyphoonHaiyan, Run by @asiacentria, @backspacenews & @newsgon teams.

What to Do If You’re a Victim, http://us.norton.com/victim/article, Norton by Symantec

Why Social Networking Sites are a favourite with Cyber criminals today!, http://www.cyberoam.com/blog/why-social-networking-sites-are-a-favourite-with-cyber-criminals-today/, CyberRoam, May 18, 2013 
