In­fec­tious links

Crim­i­nals fo­cus on so­cial net­works

Finweek English Edition - - TECHTRENDS - SI­MON DIN­GLE si­mond@finweek.co.za

PEO­PLE HAVE BEEN trained to click on links. We know by now – I hope – we should never ac­cess links in emails claim­ing to be sent from our bank and other fi­nan­cial in­sti­tu­tions. How­ever, on Face­book and Twit­ter users will of­ten click on a link with­out even read­ing the con­text. The posts are from their friends, af­ter all – so there’s lit­tle cause for concern. Or is there?

Re­cent re­search shows that cy­ber crim­i­nals are in­creas­ingly fo­cus­ing on so­cial net- works to ex­ploit the trust we have for plat­forms such as Face­book and Twit­ter, where we know the peo­ple post­ing in­for­ma­tion. In its lat­est threat re­port IT Se­cu­rity firm Sy­man­tec shows some star­tling num­bers of in­fil­trated so­cial me­dia. Ac­cord­ing to the re­port, one of the pri­mary at­tack tech­niques used on so­cial net­work­ing sites in­volved the use of short­ened URLs. These ab­bre­vi­ated web­site ad­dresses are es­pe­cially pop­u­lar on Twit­ter, where users can’t post more than 140 char­ac­ters and use ser­vices such as is.gd to shorten the ad­dress so it fits in their tweets. The prob­lem is other users can’t see what the real ad­dress is – only the short­ened ver­sion.

Sy­man­tec re­ported: “Un­der typ­i­cal, le­git­i­mate cir­cum­stances these ab­bre­vi­ated URLs are used to ef­fi­ciently share a link in an email or on a web page to an other­wise com­pli­cated web ad­dress. Last year, at­tack­ers posted mil­lions of these short­ened links on so­cial net­work­ing sites to trick vic­tims into both phish­ing and mal­ware at­tacks.”

In the worst cases crim­i­nals man­aged to col­lect user names and pass­words and then make their posts from those ac­counts.

“The re­port found at­tack­ers over­whelm­ingly lever­aged the news feed ca­pa­bil­i­ties pro­vided by pop­u­lar so­cial net­work­ing sites to mass-dis­trib­ute at­tacks,” the re­lease re­ported. “In a typ­i­cal sce­nario, the at­tacker logs into a com­pro­mised so­cial net­work­ing ac­count and posts a short­ened link to a ma­li­cious web­site in the vic­tim’s sta­tus area. The so­cial net­work­ing site then au­to­mat­i­cally dis­trib­utes the link to news feeds of the vic­tim’s friends, spread­ing the link to po­ten­tially hun­dreds or thou­sands of vic­tims in min­utes.”

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.