The marriage between social networking and social engineering could be one of the top security threats in 2011. Social engineering is hardly a new issue, but as social networking becomes more mainstream both in the home and in business, it goes to follow that the bad guys will do whatever they can to be one step ahead of users.
According to the folks from Zscaler:
Attacks on end users virtually always involve social engineering – a user must be convinced to visit a web page, open an attachment, etc. Spam email has valiantly served this purpose for many years, but just as everyday users are migrating away from email and toward social networks such as Facebook and Twitter for communication, so too are hackers. This is far from a bold prediction as attackers have been abusing social networks since they first came online. For example, XSS vulnerabilities on Twitter have been used to push malicious tweets, while Likejacking has emerged on Facebook as a means of promoting malicious profiles.
Social engineering schemes will be like this one Sue Poremba stumbled across at MountainRunner.us:
Some colleagues are reporting a phishing expedition to identify and engage Information Operations experts on LinkedIn. They’ve reported invitations from “George W.” who purports to be “Colonel Williams”, an “IO professional” in the DC area.
Invitations, with a number of wording variations, has been received by a number of active duty IO personnel recently. Investigation by several others has shown that the profile is for a nonexistent person.
In Sue’s own professional network, a person was friending everyone, yet no one knew him. Despite that, over 40 people clicked the accept button, so it looked like they had a wide circle of mutual friends. Turns out, the person was a scammer and his account was quickly deleted from the social network. Who knows what his intent was, but it appears he was taken care of before he could do damage. Sue expects to come across many more situations like that in the coming year.
This slideshow features some of the most recent attacks targeting Facebook users.
No one can stop all security breaches, but you can take steps to dramatically improve your ability to avoid disaster and mitigate damage. ... More >>
From power plants to water treatment sites to traffic control systems, critical infrastructure once thought invulnerable to targeted cyber attacks now lies squarely in the crosshairs. ... More >>
Here are 10 steps organizations should take to improve their cybersecurity response strategy and better mitigate the impact of attacks in the future. ... More >>