As the world becomes increasingly interconnected through the Internet and other technologies, it seems there is no place safe from the crosshairs of cybercriminals. In recent years, users and businesses have seen hackers breach all kinds of targets, including individual desktops, mobile devices, POS systems and the corporate network at large. Recently, however, it appears that black hats have widened the scope of their attacks to include not only traditional vectors, but social media as well.
When looking at it from a hacker’s point of view, it’s easy to understand why social networks would be the next sensible target. Oftentimes, cybercriminals go where they have access to the largest pool of victims. With social media websites like Facebook, Twitter, LinkedIn and others steadily increasing their user numbers, it’s not difficult to imagine hackers utilizing these platforms to the advantage of their malicious activities.
But how exactly are cybercriminals leveraging social media for their attacks? Let’s examine this rising trend as well as how users can protect themselves.
Social media: Gateway to waterhole attacks
In recent years, attackers have used websites frequented by one or more members of a target group to infect these individuals and their devices with malware. For example, if a black hat is looking to go after a particular business and notices through observing network activities that a number of employees often use an informational website related to that industry, the hacker could place malware on the site – or create a legitimate-looking fake page – to lure staff members into infecting the network.
Kaspersky Lab director of global B2B marketing Mark Bermingham recently told PCWorld that this year, there will be an increase in waterhole attacks stemming from social media usage.
“Security measures can’t overcome stolen credentials and click-throughs to dubious links,” Bermingham pointed out.
In addition. security researchers at Proofpoint estimated that in 2015, there will be a 400 percent increase in malicious social media content.
Facebook Trojan attack
The presence of a Trojan attacking users through Facebook appears to support experts’ predictions for increased social media attacks. In early February 2015, security researchers discovered a pornography-based Trojan infecting users on the popular social media site, IT Pro reported.
The attack lures users into infection by promising racy content through a link. Once clicked, victims are able to view a preview of the pornographic content, but the video stops at the halfway point and asks users to download an updated Flash player to continue. The player is actually a malicious fraud, infecting victims and enabling hackers to control keyboard and mouse activities. Once the malware is installed, it posts the malicious link to the victim’s Facebook page and tags the user’s friends, thereby infecting all others that click on it. The malware is also able to send private messages to victims’ friends, spreading the infection even further.
As of early February, the attack had infected an estimated 110,000 Facebook users’ machines over a two-day period. After the discovery, a Facebook spokesperson released a statement noting that the website was utilizing several automated technologies to pinpoint and mitigate the damages of such infectious links.
“In this case, we’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites,” noted the Facebook spokesperson. “We are blocking links to these scams, offering cleanup options and pursuing additional measures to ensure that people continue to have a safe experience on Facebook.”
Rebels lure enemies with malware honeypot sites
The Facebook Trojan isn’t the first time risque content was used to lure victims into malware infection. Ars Technica reported that this technique has been utilized by Syrian rebels as recently as February 2015 to steal sensitive information from rebel soldiers.
In the attacks, hackers leverage fraudulent social media and Skype accounts, appearing to belong to female supporters of Syrian rebel groups. These are used to trick rebel soldiers into downloading malware that captures a range of personal information from desktops and Android devices.
“The attacker asked for a photo of the target and then sent a picture of her own – a picture that the victim was too busy mooning over to realize it came with malware,” noted Ars Technica contributor Sean Gallagher.
Security researchers discovered that using this approach, hackers were able to gain access to personal details about their targets, as well as battle plans and other military intelligence belonging to Syrian government troops.
Protection comes down to awareness and diligence
Social media attacks can be much harder to protect against, as they are oftentimes very well disguised. For this reason, users must put in their due diligence and be sure that they understand the risks.
“Greater awareness and vigilance are the best defenses,” noted PCWorld contributor Tony Bradley.
Keeping up on the latest social media-based attacks and being wary of any suspicious links, message attachments and posts can help users prevent becoming a victim of these kinds of infections.