Social networks may represent one of the most common infection and data loss vectors today, but it’s patently obvious that they are here to stay.
Looking at them from a business standpoint, they are a great way to connect with your customers and are increasingly being used for marketing and sales, so the question is not whether companies should use them, but how to mitigate the inherent risk of using them.
According to a Sophos survey carried out last December, Facebook tops the list of “risky” social networking sites.
Even though the main reason for blocking such sites is still the (negative) impact on productivity, malware infection is quickly catching up. Spam reports and phishing attacks have also risen in number considerably since April.
The Koobface worm is another thing that users of social networks should be aware of. Starting from Facebook, it was adapted over time to target MySpace, Bebo, Friendster, hi5 and Tagged users. Its latest incarnation conquered Twitter’s defenses.
The Mikeyy Mooney worms that spread through Twitter in the first half of 2009 were mostly annoying, but they show how easily social networks can be compromised and how fast the “infection” can spread. This should be taken as a warning and a signal to improve design, programming and policies on these networks.
Lately, another danger regarding the use of social networks has reared its ugly head: social networking attacks. Information you provide about yourself can be used to trick you or your friends into opening a malicious email or clicking on a malicious link, because it creates an illusion of legitimacy and inspires trust in the recipient. Spam of this kind has, unfortunately, become common, and has aided the dissemination of malware.
And, finally, there is the problem of putting sensitive or just too much information on your profile. So far, no social network has proven to be impervious to breaches, so you mustn’t count on that information to be kept private forever and ever.
Facebook has taken a step in the right direction by introducing a new range of privacy settings, but then made a misstep by recommending settings that would make personal data available to everybody.
Good news also came from bit.ly, the most popular URL shortening service on Twitter, when they decided to integrate new security-related services aimed at keeping out malicious URLs.