Social networks give fuel to cyberattacks, says Symantec

In 2010, businesses came under targeted attack using details harvested from social networking sites, Symantec has said in its annual security report
Written by Tom Espiner, Contributor on

Targeted attacks that use details gleaned from social-networking sites will continue to be a problem for businesses in 2011, according to Symantec.

It's possible, using social networks, to profile people Targeted attacks haven't gone away.
– Orla Cox, Symantec

This means that employees should be discouraged from identifying their employer and job role on social-networking sites such as Facebook, as these details can be used in attacks, a Symantec researcher said. The security company released the 2010 edition of its annual Internet Security Threat Report on Tuesday.

"It's possible, using social networks, to profile people," Orla Cox, Symantec Security Response operations manager, told ZDNet UK. "Targeted attacks haven't gone away."

Spear-phishing attacks

In a targeted attack, hackers typically use a technique known as 'spear phishing', according to Symantec. The criminals identify an employee with access rights to enterprise systems and then send the target emails with malicious attachments or links to malicious sites to try to gain control of the company's systems.

By scanning social-networking sites, hackers can garner enough information to fool the target into trusting their emails and falling for the attack.

Security companies can screen for malicious attachments, but this may not be effective, as hackers use their own quality assurance schemes, said Cox. A more pressing problem is links to malicious sites, as there are very few technical measures that can be deployed.

"With spear phishing... that one is down to user education," Cox said. "It comes down to policies."

Stuxnet and Hydraq lessons

In 2010, the technique was used to set up the Stuxnet attack, which infected control systems at the Iranian Bushehr nuclear power plant, and the Hydraq information-stealing attack on enterprise networks that happened in January, Symantec noted in its report.

"Stuxnet and Hydraq teach future attackers that the easiest vulnerability to exploit is our trust of friends and colleagues," the company said.

In addition, the Stuxnet and Hydraq attacks suggest that hackers are raising their sights and posing a risk not just to individuals, but to nations, Symantec said.

"The nature of the threats has expanded from targeting individual bank accounts to targeting the information and physical infrastructure of nation states," it said.

Over the year, Symantec charted a 93-percent increase in web attacks, which often take users to sites hosting a variety of malware bundled into 'toolkits'. The most prevalent toolkit in 2010 was Phoenix.

Another risk came from URL-shortening services, which can hide destination websites, said Cox. These make it difficult for general users to tell if they are being directed towards a nefarious site. Over a three-month observation period, 65 percent of malicious links in news feeds used shortened URLs, Symantec found.

Mobile malware

The security company also warned that it had seen an increase in mobile malware in 2010, mostly in Android marketplaces. Cox said Google's policy of having a more "open" marketplace created security problems.

"The Android user community provides details of the app and the safety of it," said Cox. "This is a much more reactive model."

As more financial services become mobile, hackers will turn their attention more to mobile devices, she added, noting that Symantec has detected basic information stealing and search poisoning on smartphones.

"As countries like Japan start to use mobile phone payment methods, we're starting to see credit card information on phones and information stealing," Cox said.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Editorial standards