The marriage between social networking and social engineering could be one of the top security threats in 2011. Social engineering is hardly a new issue, but as social networking becomes more mainstream both in the home and in business, it goes to follow that the bad guys will do whatever they can to be one step ahead of users.
According to the folks from Zscaler:
Attacks on end users virtually always involve social engineering – a user must be convinced to visit a web page, open an attachment, etc. Spam email has valiantly served this purpose for many years, but just as everyday users are migrating away from email and toward social networks such as Facebook and Twitter for communication, so too are hackers. This is far from a bold prediction as attackers have been abusing social networks since they first came online. For example, XSS vulnerabilities on Twitter have been used to push malicious tweets, while Likejacking has emerged on Facebook as a means of promoting malicious profiles.
Social engineering schemes will be like this one Sue Poremba stumbled across at MountainRunner.us:
Some colleagues are reporting a phishing expedition to identify and engage Information Operations experts on LinkedIn. They’ve reported invitations from “George W.” who purports to be “Colonel Williams”, an “IO professional” in the DC area.
Invitations, with a number of wording variations, has been received by a number of active duty IO personnel recently. Investigation by several others has shown that the profile is for a nonexistent person.
In Sue’s own professional network, a person was friending everyone, yet no one knew him. Despite that, over 40 people clicked the accept button, so it looked like they had a wide circle of mutual friends. Turns out, the person was a scammer and his account was quickly deleted from the social network. Who knows what his intent was, but it appears he was taken care of before he could do damage. Sue expects to come across many more situations like that in the coming year.
This slideshow features some of the most recent attacks targeting Facebook users.
Forces Shaping the CIO Agenda in 2011 CIOs need to get the balance right between utility and innovation in order to secure influence in the future.
Ten Tips for Getting the Most Out of Your Laptop Quick tips and configurations to help you optimize your laptop experience.
Ten Security Tips for iPhones and iPads Recommendations from the NSA for maintaining iOS 4 security.
Making the right investments can minimize the cyber risks your organization faces, but this requires looking at the complete picture and not just a few pieces. ... More >>
In reviewing this list, continue to ask yourself how to apply the advice to your organization and its unique cybersecurity ecosystem. ... More >>
McAfee recently released its eighth annual study revealing the most dangerous celebrities to search for online. The study found a mix of comedians and musicians among the most dangerous. ... More >>