February 15, 2010, 8:48 PM — Earlier this month, CSO reported that cybercrime attacks on Facebook, Twitter and LinkedIn have exploded, according to a recent survey conducted by security firm Sophos(See: Facebook, Twitter, Social Network Attacks Tripled in 2009).Reports of malware and spam rose 70 percent on social networks in the last 12 months and 57 percent of users report they have been spammed via social networking sites. Another 36 percent reveal they have been sent malware via social networking sites (See also: Social Medial Risks: The Basics).
The "Social Security" survey is part of Sophos' 2010 Security Threat Report, which looks at current and emerging computer security trends and found that social networks are opening up new opportunities for cyber criminals to locate so-called "soft" targets and pull of precise and targeted attacks. We wanted to know: What makes someone look like an easy hit for the bad guys? Chet Wisniewski, Senior Security Advisor with security firm Sophos, gives us some clues.
You have access to a VIP or valuable data
Security researchers are noting two distinct kinds of attacks on social networks, according to Wisniewski. The first; the more traditional spray spamming where many users receive a message on their Facebook wall, in their inbox, or on Twitter, that contains a malicious link. But the other, more disturbing trend, said Wisniewski, is that these social networks, by nature of how they work, make it possible for criminals to cyber stalk potential victims. The bad guys watch your activity to see what you say, and then use it in an attack (Read more in Seven Deadly Sins of Social Networking Security).
"There is definitely another network of crime where they are taking time, and closely watching in order to pull off certain things," said Wisniewski.
Users at risk for this kind of attack might be a person who has access to something or somebody that the criminal wants. You might be the executive assistant to a corporate CEO, or a human resources representative who has access to all of your company's employee files. You may not think anyone notices, but this makes you a desirable target, said Wisniewski.