Social networks - a new serious source of cyber threats
Losses associated with data leakage, by 2019 reached 2.1 trillion dollars worldwide.
In 2016, cybercrime cost the global economy more than 450 billion dollars , more than 2 billion personal documents were stolen. Moreover, the accelerated transfer of daily consumer activities and corporate workflow to digital space, according to some estimates , will lead to the fact that the amount of damage from data leakage around the world by 2019 will increase to 2.1 trillion dollars.
')
Given the scale of the problem, the authors of a study conducted this year suggested that the majority (59%) of cybersecurity budgets would increase by at least 5% in the next 12 months, and every fifth company would spend hundreds of times more on cybersecurity. About half (47%) of companies plan to increase the personnel budget by 5% or more.
Obviously, even the blockchain scene may envy budgets allocated by businesses to address security issues and the seriousness of their approach to this issue. Be that as it may, the problem of the constant growth of threats in cyberspace is another side, unfortunately, almost completely unrelated to the quality of protection systems, but caused by consumer behavior.
Leaving aside data leaks in large corporations, let's talk about fraud, whose victims are ordinary members of society , and the cases where the success of such fraud is directly dependent on the actions of the victim. Even the most advanced fraud recognition systems available today are struggling to cope with the task of assessing the human factor.
In addition, as the diversity of online-connected devices grows, and as we put more and more personal and professional information on the network through various channels — primarily social media — the problem becomes more acute.
More importantly in this case, the fact that the diversity of social media and the emphasis on using different types of data: video, photos, voice, location information, connection attempts, phone numbers, educational information, and service information make it possible to compare all these types of information with each other. friend to create a clear and detailed profile of a person. Scammers today can easily access the voice samples of a potential victim in social networks, which allows them to easily deceive biometric verification systems.
About 20% of social media accounts that associate themselves with international brands are actually fraudsters. The results of a study published in March suggest that among all the threats prevalent in social media, phishing is gaining momentum, in which attackers pretend to be representatives of a real brand. The number of such cases increased by 150% in 2016 compared to 2015. According to another study conducted in the UK, for example, it turned out that the number of victims of theft of personal information increased by 57% , while the criminals conducted their “hunt” on social networks.
In addition to this, in the opinion of professionals , one of the biggest security problems in social media lies in the mechanisms of technology and how users connect with each other, and especially in the “expansion” of posts, one of the key elements of social networks. Many platforms strive for further integration with the “real” world , and the interest of users in live video and other mechanisms for transmitting events in real time is very high.
It is obvious that social media as a channel is becoming more and more saturated with personal information of all types, and, as a result, an increasingly successful place for the fraudsters to be a place of successful abuse of the human factor. Experts point out that while corporations and government agencies around the world train their staff to think twice before opening any emails, hackers have already switched to a new type of attack, making their goal social media accounts, where people are more inclined to trust unfamiliar sources.
To assess the magnitude of the issue, it suffices to look, for example, at the fact that the number of Facebook users over the past 10 years has grown from 20 million to almost 2 billion people . And although we, of course, will not share any personal information with these 2 billion strangers, having met any of them by chance in the real world, this rule stops working in social networks: there are practically no obstacles in them that prevent any user It is quite easy to reveal personal information to the same number of people.
Christie Terrill , a partner in cybersecurity international consulting firm Bishop Fox , recently put forward an important thesis that information that individuals freely publish in social media can be (and quite likely will be) used against them.
Moreover, according to Terril, LinkedIn is also used for mining e-mail addresses, so phishing emails containing links to malicious websites or software for extorting funds can be easily sent to the addresses of organizations whose employees are selected as the target.
Professional marketers also note an increase in the number of attempts to fraud in social networks. Kent Lewis , president and founder of Anvil Media, explained how social networking tools simplify identity theft and deception:
From the news on the marketing front, we should note the recent Google patent, which describes an algorithm for assessing the influence of individual participants in social networks. Such an approach is likely to lead to an increase in the participation of active users in the life of a social network, in order to gain influence points. ”
It is noteworthy that at the recently held Worldwide Developers Conference in San Jose, Apple announced that system-level social media integration is a thing of the past: social network accounts have been removed from the iOS 11 settings, and are likely to be replaced by the auto-complete feature. It’s impossible to say for sure whether this measure is related to the increase in the number of cyber-threats on social networks, or it is a matter of simply enhancing security. Be that as it may, according to comments on the beta release, Apple will close third-party social networking applications with access to their users' account data stored on the company's devices.
It is possible that similar reasoning prompted Salesforce to remove integration with LinkedIn from the sections of social accounts, contacts and leads at the end of last year. This measure led to the fact that all LinkedIn-related data, including information about LinkedIn profiles and user images taken from the social network, were deleted from Salesforce.
In 2016, cybercrime cost the global economy more than 450 billion dollars , more than 2 billion personal documents were stolen. Moreover, the accelerated transfer of daily consumer activities and corporate workflow to digital space, according to some estimates , will lead to the fact that the amount of damage from data leakage around the world by 2019 will increase to 2.1 trillion dollars.
')
Given the scale of the problem, the authors of a study conducted this year suggested that the majority (59%) of cybersecurity budgets would increase by at least 5% in the next 12 months, and every fifth company would spend hundreds of times more on cybersecurity. About half (47%) of companies plan to increase the personnel budget by 5% or more.
Obviously, even the blockchain scene may envy budgets allocated by businesses to address security issues and the seriousness of their approach to this issue. Be that as it may, the problem of the constant growth of threats in cyberspace is another side, unfortunately, almost completely unrelated to the quality of protection systems, but caused by consumer behavior.
Leaving aside data leaks in large corporations, let's talk about fraud, whose victims are ordinary members of society , and the cases where the success of such fraud is directly dependent on the actions of the victim. Even the most advanced fraud recognition systems available today are struggling to cope with the task of assessing the human factor.
In addition, as the diversity of online-connected devices grows, and as we put more and more personal and professional information on the network through various channels — primarily social media — the problem becomes more acute.
More importantly in this case, the fact that the diversity of social media and the emphasis on using different types of data: video, photos, voice, location information, connection attempts, phone numbers, educational information, and service information make it possible to compare all these types of information with each other. friend to create a clear and detailed profile of a person. Scammers today can easily access the voice samples of a potential victim in social networks, which allows them to easily deceive biometric verification systems.
The culture of excessive frankness and blind faith in social media have created a new type of fraud. About 20% of social media accounts that associate themselves with international brands are in fact created by fraudsters.
About 20% of social media accounts that associate themselves with international brands are actually fraudsters. The results of a study published in March suggest that among all the threats prevalent in social media, phishing is gaining momentum, in which attackers pretend to be representatives of a real brand. The number of such cases increased by 150% in 2016 compared to 2015. According to another study conducted in the UK, for example, it turned out that the number of victims of theft of personal information increased by 57% , while the criminals conducted their “hunt” on social networks.
In addition to this, in the opinion of professionals , one of the biggest security problems in social media lies in the mechanisms of technology and how users connect with each other, and especially in the “expansion” of posts, one of the key elements of social networks. Many platforms strive for further integration with the “real” world , and the interest of users in live video and other mechanisms for transmitting events in real time is very high.
It is obvious that social media as a channel is becoming more and more saturated with personal information of all types, and, as a result, an increasingly successful place for the fraudsters to be a place of successful abuse of the human factor. Experts point out that while corporations and government agencies around the world train their staff to think twice before opening any emails, hackers have already switched to a new type of attack, making their goal social media accounts, where people are more inclined to trust unfamiliar sources.
To assess the magnitude of the issue, it suffices to look, for example, at the fact that the number of Facebook users over the past 10 years has grown from 20 million to almost 2 billion people . And although we, of course, will not share any personal information with these 2 billion strangers, having met any of them by chance in the real world, this rule stops working in social networks: there are practically no obstacles in them that prevent any user It is quite easy to reveal personal information to the same number of people.
Christie Terrill , a partner in cybersecurity international consulting firm Bishop Fox , recently put forward an important thesis that information that individuals freely publish in social media can be (and quite likely will be) used against them.
“In many cases, cybercriminals will use social media as an initial information gathering tool for the subsequent social engineering of their goals. Quite unexpectedly, your Twitter account for attending a conference for executives can be used to create an individual phishing email containing a malicious link. But even if the author of such a letter may make an obvious mistake, the likelihood of successful fraud (click on the link) increases if certain aspects of the situation are taken into account, ”Terril said.
Moreover, according to Terril, LinkedIn is also used for mining e-mail addresses, so phishing emails containing links to malicious websites or software for extorting funds can be easily sent to the addresses of organizations whose employees are selected as the target.
“With the growing popularity of social media around the world, criminals have at their disposal an unprecedented set of opportunities to steal personal information or commit online fraud.”
Professional marketers also note an increase in the number of attempts to fraud in social networks. Kent Lewis , president and founder of Anvil Media, explained how social networking tools simplify identity theft and deception:
“Social media get the main profit from targeted advertising, the accuracy and relevance of which depends on the personal information provided by users. For this reason, they encourage registered users to provide as much information about themselves as possible.
From the news on the marketing front, we should note the recent Google patent, which describes an algorithm for assessing the influence of individual participants in social networks. Such an approach is likely to lead to an increase in the participation of active users in the life of a social network, in order to gain influence points. ”
“With the growing popularity of social networks around the world, criminals have at their disposal an unprecedented set of opportunities to steal personal information or commit online fraud. When it comes to harassment or identity theft, the use of photo and video sharing sites such as Flickr and YouTube allows you to better explore the potential victim, her family, friends, home, favorite hobbies and interests, ”adds Lewis.
It is noteworthy that at the recently held Worldwide Developers Conference in San Jose, Apple announced that system-level social media integration is a thing of the past: social network accounts have been removed from the iOS 11 settings, and are likely to be replaced by the auto-complete feature. It’s impossible to say for sure whether this measure is related to the increase in the number of cyber-threats on social networks, or it is a matter of simply enhancing security. Be that as it may, according to comments on the beta release, Apple will close third-party social networking applications with access to their users' account data stored on the company's devices.
It is possible that similar reasoning prompted Salesforce to remove integration with LinkedIn from the sections of social accounts, contacts and leads at the end of last year. This measure led to the fact that all LinkedIn-related data, including information about LinkedIn profiles and user images taken from the social network, were deleted from Salesforce.
Source: https://habr.com/ru/post/404571/
All Articles