AVERAGE MINUTES PER VISITOR PER MONTH
SOCIAL MEDIA PRIVACY SCORES
based off of 260 metrics from data-collection to privacy policies.
SOCIAL NETWORKING WORMS
Enlist more machines into its botnet, and hijack more accounts to
send more spam to enlist more machines. All the while making
money with the usual botnet business, including scareware and
Russian dating services.
Multiple worm attacks. Mikeyy
worm started to spread via
Twitter posts by encouraging
you to click on a link.
TOP 10 THREATS
The e-mail that lured you to sign into Facebook, hoping you don't
pick up on the fbaction.net URL in the browser.
Phishing attacks designed to
gain passwords for profit.FACEBOOK 5/18/2013
URL Zone is a similar banking Trojan, but even smarter, it can
calculate the value of the victim's accounts to help decide the
priority for the thief.
URL shortening services (e.g., Bit.ly and Tinyurl) to fit long URLs
into tight spaces. They also do a nice job of obfuscating the link so
it isn't immediately apparent to victims that they're clicking on a
Users share a bit too much about the organization -- projects,
products, financials, organizational changes, scandals, or other
Passwords have been stolen.
6 million were compromised.LINKEDIN 6/6/2012
ADVANCED PERSISTENT THREATS
(APT) is the gathering of intelligence about persons of interest
(e.g., executives, officers, high-net-worth individuals), for which
social networks can be a treasure trove of data.
Twitter accounts being used as a command and control channel for
a few botnets. The standard command and control channel is IRC,
but some have used other applications -- P2P file sharing in the
case of Storm -- and now, cleverly, Twitter.
CROSS-SITE REQUEST FORGERY (CSRF)
CSRF attacks exploit the trust a social networking application has
in a logged-in user's browser. So as long as the social network
application isn't checking the referrer header, it's easy for an attack
to "share" an image in a user's event stream that other users might
click on to catch/spread the attack.
Several impersonators have gathered hundreds and thousands of
followers on Twitter -- and then embarrassed the folks they
Like e-mail, when it hit the mainstream, or instant messaging when
it became ubiquitous, people trust links, pictures, videos and
executables when they come from "friends".
87%of small to medium-sized
businesses do not have formal,
written internet security policies.
70%of these businesses lack
policies for employees’ use of
social media, despite the fact that
they are increasingly favored by
cybercriminals for phishing attacks.
Once an attacker gains access to their account, they
can easily find a way to mine more information and to
use this to access their other accounts. The same is
true for corporate accounts, which are publicly
available on sites, like LinkedIn.
90% of sites don’t require a full name or date of
birth for permission to join.
80%of users failed to use standard encryption
protocols to protect sensitive user data from hackers.
71%of websites reserve the right to share user
data with third parties in their privacy policies.
CLICK TO SEE THE FULL INFOGRAPHIC HERE: