(1 votes, average: 5.00 out of 5)
Loading ...Cisco: Cyber Crooks target Social Media
San Francisco (ip-192.com): Cisco Systems, Inc. just released its 2009 Annual Security Report, saying that new threats are replacing old-school phishing scams.
"Social media and the data-theft Trojans are the things that are really in their ascent," said Patrick Peterson, a Cisco researcher. "You can see them replacing a lot of the old-school things."
The report highlights that
- Online criminals have taken advantage of the large social media following, exploiting users' willingness to respond to messages that are supposedly from people they know and trust.
- Politically-motivated threats are increasing, while governments are teaming up and promoting online security.
- Up to 90 percent of spam is untargeted. That includes spam delivered by botnets that floods inboxes with messages from supposed banks, educational institutions, and service providers.
- More than 80 percent of the web can be classified as “uncategorized” or “unknown”, making it challenging for traditional URL filtering technology.
- The new Cisco Cybercrime Return on Investment Matrix tracks the performance of the underground online criminal marketplace, helping organizations understand the latest targets.
In the Category “Most Audacious Criminal Operation,” the Trojan Zeus is the malicious program Cisco is most concerned. Zeus delivers malware to unsuspecting users via phishing emails and drive-by downloads. The malware can “listen” to computer activity and, through this intelligence gathering, can steal login names and passwords for banking and email accounts. It can even defeat hardware tokens and onetime passwords that people assume provide protection from this type of attack, according to Cisco.
Many worms have the power to regenerate as the Koobface worm proved in 2009. It first appeared on social networking websites such as Facebook in 2008. Later, it was “reborn” on Twitter. Koobface sends “tweets” that lure Twitter users into clicking a link for a YouTube video that instructs them to update their Flash player. That’s when the “fun” begins: Users download a file and launch the worm, and Koobface is off to “wriggle” its way toward even more potential victims. Thanks to variants of this malicious software, it is estimated that nearly 3 million computers have been infected. Koobface landed on first place in the category “Most Notable Criminal Innovation.”
Cisco also raises awareness about free services such as bit.ly and ow.ly that replace the long URL with a shorter unique address. Individuals who want to share WebPages, such as news articles or blog posts, with friends or business colleagues prefer to post short URLs to keep their tweets or Facebook status updates concise.
The problem with short URLs is that they eliminate the user’s ability to read the real web address and decide if a link is safe to follow. For instance, a colleague’s tweet may indicate that a link leads to a New York Times article, but since the link isn’t visible, there’s no way of knowing where the link will take the user. Many recent Twitter spam attacks use shortened URLs that lead to malware-laden sites.
Cisco says that after an examination of weblog data from more than 4000 Cisco web security customers, the impact of social media usage on the enterprise is clear. As much as 2 percent of all web traffic in these businesses comes from accessing social media sites, such as Facebook, MySpace, and LinkedIn. “While 2 percent may seem like a small number in terms of an employee’s total daily web browsing, it indicates an increase in an organization’s need to educate employees on potential losses which could occur via social media,” said Christopher Burgess, a senior security advisor to the Chief Security Officer at Cisco.
The full report can be found on Cisco’s website.
Related posts:
