The marriage between social networking and social engineering could be one of the top security threats in 2011. Social engineering is hardly a new issue, but as social networking becomes more mainstream both in the home and in business, it goes to follow that the bad guys will do whatever they can to be one step ahead of users.
According to the folks from Zscaler:
Attacks on end users virtually always involve social engineering – a user must be convinced to visit a web page, open an attachment, etc. Spam email has valiantly served this purpose for many years, but just as everyday users are migrating away from email and toward social networks such as Facebook and Twitter for communication, so too are hackers. This is far from a bold prediction as attackers have been abusing social networks since they first came online. For example, XSS vulnerabilities on Twitter have been used to push malicious tweets, while Likejacking has emerged on Facebook as a means of promoting malicious profiles.
Social engineering schemes will be like this one Sue Poremba stumbled across at MountainRunner.us:
Some colleagues are reporting a phishing expedition to identify and engage Information Operations experts on LinkedIn. They’ve reported invitations from “George W.” who purports to be “Colonel Williams”, an “IO professional” in the DC area.
Invitations, with a number of wording variations, has been received by a number of active duty IO personnel recently. Investigation by several others has shown that the profile is for a nonexistent person.
In Sue’s own professional network, a person was friending everyone, yet no one knew him. Despite that, over 40 people clicked the accept button, so it looked like they had a wide circle of mutual friends. Turns out, the person was a scammer and his account was quickly deleted from the social network. Who knows what his intent was, but it appears he was taken care of before he could do damage. Sue expects to come across many more situations like that in the coming year.
This slideshow features some of the most recent attacks targeting Facebook users.
While cyber crime continued to dominate headlines and wreak havoc on organizations of all sizes across nearly every industry in the first half of 2014, it's refreshing to note law enforcement also stepped it up. ... More >>
The patches released by Microsoft for the August Patch Tuesday include nine bulletins (two critical and seven important) and cover 38 CVEs. ... More >>
Here are five steps organizations and individual users should take now to protect their most sensitive password-protected information. ... More >>