Social networks such as Facebook are of value to more serious criminals, but mainly for reconnaissance during targeted attacks. They are a great resource for learning background information about an individual and uncovering relationships, all of which can be of great value for social engineering. We’re not however, commonly seeing the communication aspects of social networks used to deliver malicious payloads directly to victims or investments in uncovering Web application vulnerabilities used to compromise end-user machines as opposed to spreading the aforementioned scams.
Prediction: Attackers will raise the bar and leverage social networks for more sophisticated attacks, the goal of which will be full compromise as opposed to marketing financial scams.
From social media abuse to data breaches to mobile malware and hacktivist activity, 2011 was filled with a vast array of security threats. It’s likely that this activity will only increase as 2012 begins. Michael Sutton, vice president of security research at Zscaler, has joined other prognosticators in identifying the top security threats in store for the coming year.