Networking sites emerge as a new hot spot for hackers

CIOL Bureau

Pankaj Maru

MUMBAI, INDIA: In the digital age, being a member of social networking sites is no longer a fad but is considered an integral part of life, especially by today's youth and tech-savvy generation.

But how safe and secure are these popular social networks, given that users regularly spend long hours on them and share personal information along with pictures and videos?

Can cyber criminals attack such social networks and misuse users' personal information? Yes: according to security experts, cyber criminals are certainly attacking social networking sites to collect users' information for anti-social activities.

“About 49 per cent of adults access information, stay in touch and entertain themselves through applications on social networking sites and it's no surprise that cyber criminals are tapping their vast potential for financial gains,” according to a recent study.

According to Shantanu Ghosh, Symantec's vice president for India Product Operations, the ever-increasing popularity of social networking has opened up new avenues for cyber criminals, and the past few months have witnessed repeated attacks on highly popular social networking sites.

“These may be their first encounter with cyber criminals for millions of users but the trend of attacks on social networking sites is not a new one. It has, however, grown to become the most obvious choice for attackers due to numerous reasons,” Ghosh says.

He points out, “For starters, they are easy for criminals to spoof, as social networking pages are generally trusted by users and so phishing attacks mimicking them may be more successful.”

“Profiles on social networking sites often contain a significant amount of users' personal information and the spoofed social networking pages can include links to false downloads that require users to enter confidential data such as authentication or credit card information which can subsequently be used for fraudulent purposes,” Ghosh explains.

According to a Symantec report, social networking sites topped the list when it came to phishing attacks in most countries globally. In October 2009, Symantec witnessed a round of spam attempting to spread a Trojan known as Trojan.Bredolab via emails masquerading as a social networking site's notification stating that the recipient's password had been reset.

The message came with a zip file containing a malicious .exe file detected as Trojan.Bredolab. This variant, linked to a Russian domain, infects machines, which then likely become part of a Bredolab botnet.

In Ghosh's view, the biggest advantage of such sites for spammers is that they provide users with a variety of customization options and third-party applications. “Users can customize details in their profile, include links to other sites, upload images, videos and in some cases users are even allowed to embed code into the profile page. The problem is that hackers can do all of these things as well, turning all these features into potential attack vectors,” he points out.

For instance, spammers or cyber criminals can customize their own profile or hijack other users' profiles to gain access to a social network and use the information gathered from others to carry out a social engineering attack. Moreover, posing as members of such sites, they post links, videos and images to distribute malware.

Further, Ghosh reckons, these sites readily provide third-party applications or developer application programming interface (API) access, which gives attackers room to exploit vulnerabilities, similar to the attacks that happen on browsers via their plug-ins.

This situation poses major security threats for social networking sites as well as their millions of users, particularly the misuse of personal and confidential data by cyber criminals for anti-social activities.

So, do these social networking sites have security mechanisms?

“Though such sites have stringent security mechanisms to protect users and their information, the ever-evolving threat landscape and the trend of cyber criminals using social engineering techniques leave users vulnerable,” Ghosh replies.

Moreover, he says, social networking sites are built on the foundation of interactions between people involving a high level of trust.

“It is these human factors that are misused via social engineering methods and this technique is used by malware authors who take existing threats and use social networks to increase their effectiveness by exploiting emotions like fear, anxiety and abusing trust.”

According to Symantec, social engineering is already one of the primary attack vectors in use today, and it predicts that the number of attempted attacks using social engineering techniques is sure to increase in 2010.
