|
By Michael Eggebrecht
As social networking sites like Facebook and Twitter get more and more popular -- and draw more and more attention from cybercriminals -- it's time for them to take security more seriously, says Sophos.
"What's needed is a period of introspection -- for the big Web 2.0 companies to examine their systems and determine how, now they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers," said Sophos senior technology consultant Graham Cluley in a statement accompanying the security company's threat report for the first half of 2009.
Organizations are increasingly concerned about the potential for attacks that originate at social networking sites, as well as the risks of sensitive personal or corporate information being exposed online, notes Sophos.
The report, issued today, points to a recent Sophos survey that found that two-thirds of businesses think employees' social media activities could endanger corporate security.
Twenty-one percent of respondents have been sent malware on a social networking site, and 21.2 percent have been phished on such sites.
That survey found roughly one-third of companies banning all access to sites like Facebook, MySpace and LinkedIn, while less than half allow open access to all staff. However, employees that face a social media ban will find ways around it, reducing the visibility of their activities for IT departments. Preventing staff from using social networking also ignores the benefits.
Still, "the honeymoon period of these sites is over," said Cluely, "and personally identifiable information is at risk as a result of constant attacks that the Web sites are simply not mature enough to protect against."
The study points to several recent incidents that highlight the potential dangers: In May, hundreds of Twitter accounts were hacked by Acai Berry weight-loss spammers; and a French hacker gained access to Twitter accounts through the company's internal administration systems. In June, hackers used U.K. parliament member Michael Fabricant's Facebook account to direct 1,500 of his friends to a malicious Web site.
More innocently -- but still a strong indication of the potential hazards -- the incoming head of the British Secret Intelligence Service was exposed in June to the entire Facebook network when his wife opened up her profile to the "London" network.
Sophos recommends that organizations run Web security software that checks every link that employees click on for malware or suspicious activity. Also suggested are implementing an employee education program, checking posted information for sensitive data, and applying multi-layered security at both the gateway and the endpoint.
The report also says that over the first half of this year, the U.S. hosted 39.6 percent of Web-based malware. China, which during the same period in 2008 accounted for 31.3 percent, now hosts only 14.7 percent. Russia followed with 6.3 percent and Peru with 4.3 percent.
The U.S. is also the leading source of spam -- which Sophos says now accounts for 89.7 percent of all business e-mail -- with 15.7 percent originating there, up from 14.9 percent over the same period last year. Brazil is second, with 10.7 percent, and China third with 6 percent.
Sophos says it identifies about 6,500 new spam-related Web pages daily, or one every 13 seconds; during the first half of 2008, it was finding one every 20 seconds. Social networking sites are being increasingly exploited by spammers, says Sophos. "Whereas Web-based e-mail services like Gmail, Yahoo and Hotmail have matured over some years and developed solutions to protect their users, social networks have become popular in a short period of time -- often meaning that they are lagging behind in defending users from unwanted messages," notes the report.
Only registered users can write comments.
Please login or register. |
