Social networking: Think before you link

by Anthony James
March 23, 2010 at 10:09 am

It strikes me as somewhat of a mystery that the social networking explosion has not given rise to equal amounts of reaction to the security concerns it can create.  Besides the obviously sensationalized issue of “bullying” or intimidating through this personal medium, the greater issue of security is a significant concern that should be thoroughly thought about and discussed.

Consider a typical social networking environment in which users are able to link with friends, distribute topical commentary and share endless bounds of content treasures discovered by even more endless “circles of friends.”  I will admit there are some nuggets of gold to be had within these social circles and content sharing, but there are also many nuggets of pyrite (fool's gold) with sinister intention hidden in the seemingly endless treasure trove of links.

By dissecting the nature of social networking, it is easy to see how a threat can flourish at an alarming rate across a large population of unknowing recipients. The “circle of contacts” users typically befriend are people they know and inherently trust, and since there is an assumed trust, one would not expect these contacts to knowingly distribute malicious links or content.  Unfortunately, trust is not 100 percent guaranteed: it can be compromised by hackers discovering login credentials and pushing their attack items to the trusted contacts from that login.  Even more alarmingly, third-party applications inherent to social networks have been identified as sources of malicious content.  Obviously the social networking vendors are taking security seriously and scrutinizing externally developed applications before they are published on their networks, but unfortunately, as seen in 2009, there will always be a highly motivated developer determined to push their wares onto unsuspecting recipients and figure out a way to bypass security measures.

What does this mean? Is it safer to boycott social networking and step back into non-digital mediums for social interaction? This won’t work, as social networking has an established foothold in the everyday lives of millions, and the perceived value far surpasses the potential threats.  So that leaves us with the question of security: how can we apply security processes, tools and techniques to this new generation of applications, ensuring freedom of use without risk of compromise?

Think about the basics – regardless of the increasingly sophisticated delivery methods of threats, many of the traditional protection methods are still valid.  By ensuring the most recent security patches and updates for operating systems and applications are applied, you are staying ahead of (or just behind) the curve of attack opportunities.  Use of desktop security software is an absolute must, as the vast majority of attacks will still rely on the ability to install and execute some code on the desktop system.  If you have a reliable desktop security product and it is up to date, many of these attempts by attackers will be thwarted, ensuring you do not fall victim to an attack carried by social networking.

As Fortinet cyber security and threat researcher Derek Manky says, “Think before you link.” Make a judgment call on links that promise “so-called internet gold.”  Does that YouTube link forwarded to you actually take you to YouTube? Did you verify the domain in the URL? Youtube.com can look like y0utube.com at a glance.  Avoid links on a Web page that suggest updates to applets or applications – more than likely the application has its own update mechanism and will guide you through an update if necessary, rather than a “click to upgrade” link.
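To make the “did you verify the domain?” advice concrete, here is an added example (not code from the original post or from Fortinet) that pulls the hostname out of a shared link and compares it against the domain the reader expects. It goes a little beyond the y0utube.com case in the text: it also rejects hosts that merely start with the expected name (youtube.com.evil.example) and links that hide the real host behind a user@ prefix. The allowlist, the digit-for-letter confusable table and the sample links are all constructed for the example.

```python
"""Check whether a shared link really points at the domain it appears to.

Added example illustrating the "verify the domain in the URL" advice.
Domain names, sample URLs and the confusable table are constructed
for illustration and are assumptions of this example.
"""
from urllib.parse import urlsplit

# Digits commonly swapped for look-alike letters in deceptive hostnames.
# This mapping is an assumption for the example, not an exhaustive list.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"}

# Domains the reader expects a forwarded video link to land on (constructed).
EXPECTED = {"youtube.com"}


def registered_host(url: str) -> str:
    """Return the lowercase hostname of a URL, ignoring user@ prefixes and ports."""
    if "://" not in url:
        url = "http://" + url          # urlsplit needs a scheme to locate the host
    host = urlsplit(url).hostname or ""  # hostname drops 'user:pass@' and ':port'
    return host.lower().rstrip(".")


def normalize(host: str) -> str:
    """Map look-alike digits back to letters so y0utube.com reads youtube.com."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def is_expected_domain(host: str, expected: set[str]) -> bool:
    """True only if host equals an expected domain or is a subdomain of it.

    The expected name must be the whole host or a dot-separated suffix, so
    youtube.com.evil.example does not match.
    """
    return any(host == d or host.endswith("." + d) for d in expected)


def classify_link(url: str, expected: set[str] = EXPECTED) -> str:
    """Classify a link as 'ok', 'lookalike' (matches only after undoing digit
    substitution) or 'other' (some unrelated domain)."""
    host = registered_host(url)
    if is_expected_domain(host, expected):
        return "ok"
    if is_expected_domain(normalize(host), expected):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Constructed sample links of the kind a contact might forward.
    for link in [
        "https://www.youtube.com/watch?v=abc",
        "http://y0utube.com/watch?v=abc",
        "http://youtube.com.evil.example/login",
        "http://youtube.com@evil.example/",
        "https://example.org/video",
    ]:
        print(f"{classify_link(link):10s} {link}")
```

The check is deliberately strict: only an exact match or a proper subdomain of the expected name counts as “ok,” and anything that matches only after undoing a 0-for-o style substitution is reported separately so it can be treated as a likely lure rather than a typo.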

Be social, but be safe.

(This post originally appeared on ZDNet)

Author bio: Anthony James is Fortinet's vice president of products.

Targeting next generation users on social networks

by Derek Manky
June 18, 2009 at 10:05 am

While the next generation of tech has arguably arrived, it is simply a fact now that social networking sites and the blogosphere have become an integrated part of many people's lives – some may even call them home (at least to their browsers). In 2008, we predicted the wave of spam that would hit these “Web 2.0” platforms, as they were a natural target for spam to migrate to after years of living inside of mass mailers. Indeed, throughout 2008 we witnessed a barrage of attacks on these sites: malicious social applications, “Spam 2.0”, worms such as Koobface, XSS exploits, and various phishing campaigns. Here we are, a year and a half later, and the spam attacks, not surprisingly, continue.

Amongst all of this activity, more platforms with further complexity continue to arise and gain popularity, such as the micro-blogging site Twitter. Naturally, some of the aforementioned attacks have followed as well. One of the effective mechanisms of next-generation worms traversing linked accounts on social networking sites is that malicious links are sent out from one connected contact to another. Since most of these contacts presumably know each other, there is a higher level of trust – and a tendency for any recipient to let their guard down when clicking on these links. Most threat activity we have seen on social networking sites comes from harvested accounts, from worms like Koobface and from phishing campaigns. These accounts are typically used in ad-hoc fashion to blast out messages or invites to their contacts. Mass mailers, now typically hosted on botnets, follow the same pattern: they harvest accounts and send out spam to as many contacts as possible – and have been doing this for a very long time. Enter targeted attacks.

There has been an increasing trend of targeted attacks: ones that are premeditated and usually delivered to only a handful of recipients, if not just one. These are often delivered as poisoned documents that trigger exploits and drop malware such as keylogger trojans. For a detailed investigation, you may read further here. In parallel with the increasing targeted attack front, we have witnessed an increase in document exploit activity. Figure 1 below shows a six-month window of detected activity for commonly exploited document formats: XLS, DOC, and PDF:

[Figure 1: detected document exploit activity over a six-month window, by format (XLS, DOC, PDF)]

With the number of attacks that are circulating on next generation platforms, “Web 2.0”, whatever you want to call it – it is only a matter of time until cyber criminals become more aggressive and innovative with their methods. They have already started this transition and are in full swing with targeted attacks through traditional e-mail, so it is likely that they will follow suit and expand their horizons to new channels. Harvested accounts from social networks are primed for targeted attacks, and in theory would be even more effective than the already dangerous targeted attacks through traditional e-mail. This is because of several factors:

  1. Social networks host a wealth of information that would assist in social engineering hooks (think personal information and profiles, messages archived / posted, etc)
  2. User bases have exploded on popular social network sites, and everybody is participating: from end users, celebrities / officials and enterprise (marketing, PR, executives, the list goes on)
  3. Next generation platforms not only support the basic attack vectors that e-mail does (files and malicious links), but offer much more opportunities for attack, innovation and expansion
  4. As I already pointed out, social networking rings / established contacts have a high degree of trust already

The framework is already in place to siphon account credentials with ease, as we have witnessed over the last year. With favored targeted attack methods becoming quite active (Figure 1 – poisoned documents), and ample opportunity on the horizon, suffice it to say that the Internet is indeed a scary and hostile place. Always try to validate the identity of any contact, especially when file attachments or malicious links are involved.

Author bio: Derek Manky contributes to security research and development while acting as a bridge to the public forum on results and findings. He coordinates research team efforts and manages responsible disclosure efforts between Fortinet and other vendors.