Since a past decade, social media networking has become an essential part of our life According to Statista, in 2021 there are 3.78 billion social media networking users worldwide. And because of its inherent nature, people are becoming more and more vulnerable to attack.
There are different types of threats in social networks such as:
* Cyber Intrusion and Data Breaches
* Phishing
* Identity Theft
* Malicious Third Party Applications
* Spam
* Fake Users
* Legitimate Look Redirects
Cyber Intrusion and Data Breaches
Cyber criminals can easily use social media sites in very big data breach which is an incident in which personal information, like medical record or financial details are exposed to an unauthorized person.
For example linkedin was a key tool in the Anthem Health’s 2015 breach
(Anthem, one of the largest health insurers in the us said hackers were able to breach a database that contained as many as 80 million records of current and former customers, as well as employees. The information accessed included names, Social Security numbers, birthdays, addresses, email and employment information, including income data)
Phishing
Phishing is a type of attack in which the attacker clone a legitimate web page like Facebook or Google login page and programmed it in a way that send the login information to a database that he previously made .
And because most of the people use one primary email address such as Gmail for different websites , by hacking the primary email address the attacker can read the emails from which he know all the websites that are linked to this email address and ask each website to recover the password.
And to bring the victim to the phishing web page, the attacker primarily uses social media to share his phishing page with exciting title and to continue you must login .
Malware
Social media is considered a great medium for spreading malware and viruses. Developers of adware, malware and viruses injects thair malicious code in links, attachments, advertisements and messages, which is a normal task in any social networking website. Once users respond to them, the hidden malware infects their computer.
For example shortened URLs is widely used On Twitter to force users visiting malicious websites that collect their personal information , and if accessed from the work computer things are going to be worse
Attackers usually use URL shortner services to hide the address of malicious URL from the victim.
Also games and third-party applications that people use on social media can cause additional vulnerabilities.
70% of malware exist in social media, especially on Facebook, Myspace, Twitter, and LinkedIn
Cyber criminals are targeting individuals as well as companies through phishing emails used for installing ransomware to encrypt important files of the victim, causing damage to the particular software, and messages from the criminals are displayed.
WannaCry which is targeting computers using Microsoft Windows as an operating system,encrypts data and demands payment for its return.
Social Engineering
Social engineering is the art of manipulating people to get confidential information like passwords or bank information
Cyber criminals are heavily utilizing social engineering to get the personal information of individuals by using fake social media accounts and building trust over the time.
Users trust their partners in social media and often share highly sensitive information
Even large companies are becoming the easy targets of the adversaries through social engineering, who try to convince them to disclose sensitive information.
Identity Theft
Information that shared in social networks can use against the user to launch cyber-attacks. Even a few simple personal details may provide enough information to to capture the identity of the victim when put together.these little information can be used in guessing passwords or answering the password recovery questions .
For example pages that the user like on facebook may be a complete answer to password recovery questions or used with other information like birthdate , location, phone number , and interests to guess the password.
Another example , by liking specific bank page on facebook , this means that the victim may have account in that bank , which can be used by attackers in designing a phishing attack.
Spams
Spam is unsolicited communications sent in bulk over the internet by spammers and cybercriminals to :
* Make money from the recipients that respond to it
* Run phishing scams – in order to obtain passwords, credit card numbers, bank account details and more
* Spread malicious code onto recipients’ computers
social media spams are more successful than traditional spam that use email for spreading . due to social relationship between users that convince the recipient to respond to it.
Malicious Third Party Applications
Social media websites also allow users to run third-party applications like online gaming apps and dating apps . these apps have access to some sort of personal information of the user’s profile like messages and news feed wall, some of these apps are malicious they are build to be exploited and if they are not malicious intentionally they may be vulnerable and prey to exploit from attackers. Then the attacker will have all the privileges they have
Fake account
Cyber criminals can easily make a fake account with a realistic look information such as a fake name, city, birthdate and few fake pictures. With which he can build trust overtime with his or her victims. After that he can use social engineering tactics to gain personal info ,run phishing scams, spread malware etc.
So don’t trust unknown people
References
N. Hayes, “Why social media sites are the new cyber weapons of choice,” 2017. [Online]. Available: https:// www.darkreading.com/attacks-breaches/why-socialmedia-sites-are-the-new-cyber-weapons- of-choice/a/ d-id/1326802?
K. Thakur, T. Hayajneh and J. Tseng, "Cyber Security in Social Media: Challenges and the Way Forward," in IT Professional, vol. 21, no. 2, pp. 41-49, 1 March-April 2019, doi: 10.1109/MITP.2018.2881373.
Comments
Post a Comment
if you have any questions or suggestions please let me know