Social networking security issues
2010-02-02
The rise of social networking for business use brings with it new IT security difficulties, it has been claimed.
Ronnie Ng, senior manager of systems engineering at Symantec Singapore, told ZDNet Asia that companies need to find the right balance between using the most up-to-date communication tools and managing their assets.
He suggested to the website that social networking websites "are vehicles for malicious attacks to spread malware", pointing to messages on Twitter that direct users to download malware.
Mr Ng also pointed to a new technique where a sender's account is hijacked. From here, spammers send messages to everyone who is connected to the sender and once the receiver opens the message, malware will attempt to load
Another threat, Mr Ng explained, involves phishing attackers sending a message to a victim's Facebook inbox along with an email notification with the subject "Hello" or "Hi". The email seems to have come from the victim's friend, featuring text asking the user to visit a malicious Facebook login page. Here the attacker will steal the user's login details to initiate other attacks, he added.
Stefan Tanase, senior regional researcher for Eastern Europe, Middle East and Africa at Kaspersky Lab's global research and analysis team, also spoke to ZDNet Asia, talking about workers' use of social networking sites.
He commented: "All the personal information they share can be easily collected by someone with bad intentions and be used in sophisticated social engineering attacks.
"Usually, targeted attacks come with serious consequences, like intellectual property theft or corporate espionage."
Perimeter E-Security recently named social networking in its Top 10 Information Security Threats for 2010. The company said that websites such as Facebook, MySpace and Twitter pose serious threats to companies.
It described social networking sites as "a stalker's dream come true" and said they are breeding grounds for scams, scareware and spam.
Read more security news.
