Thursday 28 July 2011

Sophos report reveals increase in social networking security threats | Naked Security

Sophos report reveals increase in social networking security threats

Facebook logoOver 30,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest internet and Facebook security threats. X

Twitter logoHi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats. X

YouTube logoDon't forget you can subscribe to the SophosLabs YouTube channel to find all our latest videos. X

RSS logoHi there! If you're new here, you might want to subscribe to the RSS feed for updates. X

Filed Under: Apple, Data loss, Law & order, Malware, Mobile, Privacy, Social networks, SophosLabs, Spam, Vulnerability

Sophos Security Threat Report 2011
Sophos has today published its annual Security Threat Report, looking back at the last twelve months and ahead to the threats we can expect to encounter during 2011.

Inside you'll find a wide variety of threats discussed including:

  • Social networking threats
  • Fake anti-virus
  • Stuxnet
  • SEO poisoning
  • Data loss and encryption
  • Web threats
  • Email threats
  • Spam
  • Malware trends
  • Windows 7
  • Apple Macs
  • Mobile devices and smartphones
  • Cybercrime
  • Hacktivism

One of the key findings is that reports of social networking spam and malware attacks have risen once again.

By mid-2010, Facebook recorded half a billion active users, making it not only the largest social networking site, but also one of the most popular destinations on the web. Unsurprisingly, this massive and committed user base is heavily targeted by scammers and cybercriminals, with the number and diversity of attacks growing steadily throughout 2010 – malware, phishing and spam on the various social networks have all continued to rise in the past year.

Sophos polled users asking if they had received spam, phishing or malware attacks via social networks. This is how they responded:

Social networking survey results

To explain that graph another way:

  • 40% of social networking users quizzed have been sent malware such as worms via social networking sites, a 90% increase since April 2009
  • Two thirds (67%) say they have been spammed via social networking sites, more than double the proportion less than two years ago
  • 43% have been on the receiving end of phishing attacks, more than double the figure since April 2009

This isn't just a problem for home users. Many people check their social networking accounts from the workplace, making the sites a potential vector for attacks against businesses.

There's no doubt that cybercriminals are showing a much higher level of interest in the social networks than ever before, with Facebook being the site they are targeting the most.

Facebook's recently clumsy introduction of a feature which would allow rogue application developers to access users' mobile phone numbers and home addresses (and its subsequent temporary withdrawal while it rethinks its approach) makes me question whether privacy and security are part of the company's DNA.

I see two possibilities.

Either Facebook simply doesn't "get" security and privacy. Or it just doesn't care.

I really hope it's the former. Because if it is, there's still a chance that Facebook can build a network that is secure for its users and will make its users' privacy a top priority.

There's a real problem, though, if Facebook just doesn't care that much about privacy and security. Because 500+ million users are going to find it very difficult to wrench themselves away from the world's most popular social network.

Download the Sophos Security Threat Report 2011

Download your free copy of the Sophos Security Threat Report 2011 now and learn more about not just social networking dangers, but also the many other security threats faced by businesses and computer users.

, , , , , , , ,

About the author

Graham Cluley is senior technology consultant at Sophos. In both 2009 and 2010, the readers of Computer Weekly voted him security blogger of the year and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which is very cool. His awards cabinet bulging, he was voted "Best Security Blogger" by the readers of SC Magazine in 2011. You can contact Graham at gc@sophos.com, or for daily updates follow him on Twitter at @gcluley.