Despite the well-known security risks associated with services like Facebook and Twitter, social networking usage in business is becoming even more active, according to a new report from Palo Alto Networks.
Social networking usage in businesses ranges from Facebook apps and games to social plugins and information sharing. In many organizations, employers actively encourage the use of Facebook and Twitter to engage prospects and customers. According to Palo Alto Networks, active use of these sites more than tripled between October 2010 and December 2011.
If your organization must use Facebook or Twitter for business purposes, Palo Alto Networks recommends paying attention to the following:
- Trust: Social networking applications have trained users to be too trusting by encouraging everyone to share the story of their lives. When users receive links, pictures, videos and executables from their social network, presumably from their “friends”, they are more inclined to click first and think later. This elevated trust level has many ramifications, including social engineering, malware propagation and botnet command-and-control channels.
- Social engineering: Old-school social engineering had criminals phoning users and convincing them they were the IT department; the conversation ended with the user divulging a user name and password. Now social networking sites are rich with information about users that can easily be used for social engineering. A user’s social networking activity is monitored for names of pets or kids, activities, hobbies, vacations, holiday plans and other commonly shared details that can be used to answer password-reset questions. With those data points, the criminal can also entice the user to click a link forwarded from a supposed friend. The Aurora attack of a few years ago and the recent TDL4 outbreak both show connections to this type of social engineering. When used this way, the criminals’ goal is to remain hidden, looking for very specific information and often staying silent for long periods.
- Malware propagation: By taking advantage of this “automatic” elevated trust, criminals can rapidly propagate their payload over social networking applications. As an example, a variant of the Zeus Trojan, known in the past for stealing financial information, recently infected thousands of Facebook users who had viewed photos supposedly sent to them by a friend. In reality, the friend’s account had been hijacked and the “photos” were a booby-trapped screensaver executable disguised with a .jpg file extension.
- Botnet command and control: There are numerous examples of social networking applications acting as a command-and-control channel for botnets. A very detailed description of this use case is included in the Shadowserver Foundation’s April 2010 report, Shadows in the Cloud: Investigating Cyber Espionage 2.0. The report highlights how social networking and other applications such as Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail were used to control the malware planted on targeted individuals’ machines and to pull stolen data out of them.
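The malware-propagation item above turns on a single trick: a file whose name says “photo” while its bytes say “Windows executable”. The check a gateway or mail filter should make is to sniff the content and compare it with the claimed extension, rather than trusting the name. The script below is an added example for this article, not code from Palo Alto Networks or the report; the file names, the padding bytes and the lure/executable extension sets are constructed for illustration, and the MZ header is used as the marker for any Windows executable (.exe, .dll and .scr all share it).

```python
"""Flag files whose displayed name disagrees with their contents.

Added example for this article, not code from Palo Alto Networks or the
report it summarizes. Sample bytes below are constructed, not real malware.
"""

# Leading bytes that identify a few common image formats.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_ALIASES = {"jpeg": "jpg", "jpe": "jpg"}

# Extensions Windows runs on double-click; a .scr screensaver is a plain PE executable.
EXECUTABLE_EXTS = {"exe", "scr", "dll", "com", "pif", "bat", "cmd", "js", "vbs", "wsf"}
# Extensions a lure borrows so the name looks like a harmless photo or document.
LURE_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt"}

# Constructed samples: a genuine JPEG header with padding, and an MZ stub
# (the DOS header every Windows executable starts with) with padding.
GOOD_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60


def sniff(data: bytes) -> str:
    """Identify content by magic bytes: 'pe' for any MZ file, an image type, or 'unknown'."""
    if data[:2] == b"MZ":
        return "pe"
    for kind, magics in IMAGE_MAGIC.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return "unknown"


def classify(filename: str, data: bytes) -> dict:
    """Compare what the name claims with what the bytes are and list every disagreement."""
    base = filename.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    ext = EXT_ALIASES.get(parts[-1], parts[-1]) if len(parts) > 1 else ""
    inner = {EXT_ALIASES.get(p, p) for p in parts[1:-1]}
    content = sniff(data)
    findings = []

    if ext in EXECUTABLE_EXTS:
        findings.append(f"name ends in executable extension .{ext}")
    # photo.jpg.scr: Explorer hides the known final extension by default and shows "photo.jpg".
    if inner & LURE_EXTS and ext in EXECUTABLE_EXTS:
        findings.append("double extension: document-looking name hides an executable")
    if content == "pe" and ext not in EXECUTABLE_EXTS:
        findings.append(f"content is a Windows executable but name claims .{ext or '(none)'}")
    elif content in IMAGE_MAGIC and ext in IMAGE_MAGIC and content != ext:
        findings.append(f"content is {content} but name claims .{ext}")

    return {"extension": ext, "content": content, "findings": findings,
            "suspicious": bool(findings)}


if __name__ == "__main__":
    for name, blob in [("photo.jpg", GOOD_JPEG), ("photo.jpg", FAKE_PE),
                       ("photo.jpg.scr", FAKE_PE)]:
        result = classify(name, blob)
        print(name, "->", "SUSPICIOUS" if result["suspicious"] else "ok", result["findings"])
```

The point of the content check is that the extension is attacker-controlled while the first bytes are not: a PE image cannot start with a JPEG marker and still load. Magic-byte sniffing is a cheap first gate, not a substitute for AV, but it catches exactly the “photo with a .jpg name that is really a screensaver” lure described above.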
The full Palo Alto Networks report is available here.