Cybercriminals are becoming more clever every year when it comes to exploiting the trust of social media users and this translates into increased earnings, with malicious activities targeting social media platforms netting criminals roughly $3.25 billion per year.To achieve such impressive results, the crooks have been quite busy, infecting one in five businesses with an active social media presence during 2018 and stealing approximately 1.3 billion social media accounts since 2013.Malicious actors have also found success while taking advantage of the huge audience social media platforms expose because they can employ multiple malware delivery techniques to attack their targets.
More to the point, crooks were able to use malvertising campaigns, malicious add-ons and plug-ins, web-based exploits relying on drive-by download attacks, as well as the highly popular funny video links that got “improved” with a malware twist.“Social media platforms have become near ubiquitous, and most corporate employees access social media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals,” commented Gregory Webb, CEO of Bromium. “Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high value assets.”
The study also reveals that most social networks also come with an “over the counter” marketplace where various crimeware services and tools are being offered for sale, from a wide range of hacking tools and services, to botnets for hire and facilitated digital currency scams. “Social platforms and dark web equivalents are becoming blurred, with tools, data and services being offered openly or acting as a marketing entry-point for more extensive shopping facilities on the dark web,” stated Dr. McGuire. Also, “For the enterprise, this raises a very real concern that the ready availability of cybercrime tools and services make it much easier for hackers to launch cyberattacks.”
As mitigation to the ever-increasing threat of social media-based cyber attacks, Bromium recommends application isolation as the most effective countermeasure: Application isolation provides a unique defence against social media-enabled crime by isolating web pages and attachments within hardware-enforced virtual machines. If a user clicks on a malicious link, or advert that contains malware, it is trapped and isolated from other applications and the network. Using the application isolation method, both individuals and organizations can render malware completely ineffective, quarantining it from the main operating system and blocking the hackers’ pathways to the loot. “This allows employees to get on with their job without worrying about causing a breach, dramatically reducing harm to organizations and safeguarding high value assets,” concludes the report.