Ransomware Tops List of Social Media Security Threats

Security Trends 2015: Developments in Exploits and Evasion

With retail data breaches, long-hidden vulnerabilities in software being discovered, and the Sony hack’s spotlight on insider threats, the security risks involving social media have taken a backseat. In fact, I can’t remember the last time I thought much about social media-related threats over the past months.

However, an infographic released by the folks at PhishMe about social media security reminded me that we can’t forget about potential risk areas just because they aren’t in the news cycle. As the infographic points out, the vast majority of us are signed up with at least one social media account, while many visit multiple social media sites on a regular basis. Hackers know this, and thanks to improved social engineering, they are able to gain access to a lot of information from users.

For businesses, the concern of social media is two-fold. First, there are the employees who are accessing social media sites on the corporate network, and if they fall for a scam, that puts company data at risk. Second, many businesses rely on social media to market their products and services. Who handles your company’s social media efforts? Someone who is well-trained in security or an unpaid intern who is just as susceptible to social engineering attacks as the guy in the next cubicle?

Help Net Security posted a list of social media security risks that we need to think about in the coming year. The list isn’t too surprising. We should expect a rise in malvertising (I would think that is across the board, not just on social media; for example, my security software has gotten quite a workout lately because of malware embedded in Web ads), Trojans hidden in videos—particularly graphic and violent videos, and lots of scams based on user activities. But the one that tops the list is the increasing risk of ransomware on social media sites, especially on social media sites accessed via mobile platforms. When an employee falls victim to a ransomware scam, everything on that computer’s hard drive could be held for ransom. How much of a loss of production is at risk here, as well as the theft or loss of data?

And it isn’t just the hard drive that’s at risk of locked data. As a CNBC article on cybersecurity stated:

“Ransomware victims will be in for a rude shock when they attempt to access their cloud storage to restore data—only to find their backups have also been encrypted by the ransomware,” the experts said.

As I mentioned, ransomware is only one of a number of security threats happening via social media, albeit one that has an escalating risk factor. But it may be the starting point for discussions with any employee who uses social media through the company network—whether for personal or business use—on how cybercriminals find social media to be an easy access point to a gold mine of information.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba