4/29/2014
11:00 AM
JD Sherry
Commentary

Mobile & Social: The Tipping Point For Cybercrime

Spamming and scamming have moved to social media in full force, according to new research on the Twittersphere from Trend Micro.

Social media is fantastic. It continues to piece together the fabric of our lives, personally and professionally. Not only can you connect and socialize with friends new and old, but you can also network with colleagues about the latest in your field from around the globe at the speed of thought. It really is up to you to control how you interact with, consume, and share content.

The number of users flocking to platforms such as Facebook, Twitter, Instagram, Pinterest, and LinkedIn is exploding. Social media continues to permeate all demographics and all countries across the globe. With a population of hundreds of millions for each given platform, social media has become quintessential in how we live and carry out our daily lives.

Cybercriminals and threat actors will always shift focus to platforms of interest and capitalize on the popularity of an ecosystem. They do this to hunt easy prey and to carry out their elaborate and sophisticated business models. Even more so, they have come to realize that many consumers are accessing these platforms from unprotected devices. This would include mobile devices and PCs not equipped with standard anti-malware and web/domain reputation services, as well as packages that take direct aim at protecting user security and privacy within the social media realms.

We have fundamentally reached a tipping point in the number of online services we access via our mobile devices versus traditional PCs and desktops. This has created new challenges as we look to consume and browse safely among these social media services.

I have conducted informal surveys at nearly every speaking event in which I have participated. In most cases, not even 25% of the respondents indicate they have some form of security software on their mobile device. This question is usually raised after the question of how many use their mobile device more to access the Internet than a PC. Most people in the room raise their hand after that inquiry.

Certainly, with iOS and other closed mobile app stores, it is difficult to acquire these types of security countermeasures. Android has approximately 80% of the mobile market share globally, and users can buy protection against high-risk and mobile malware attacks, in addition to web and domain reputation services to check malicious links. But many consumers and organizations are not taking these critical precautions, and the malware producers and attackers are taking notice. Social media platforms and their unprotected users are directly in their crosshairs. Ultimately, the attacker's end goal is to continue the proliferation of their craft and the long-term viability of their business model.

The research
Senior threat researchers from Trend Micro and Deakin University in Australia collaborated on an effort to look at nefarious Twitter activity. Communication with Twitter support was part of this process to ensure the research benefited everyone involved with the social media platform.

The researchers used the Trend Micro Smart Protection Network, our cloud-based threat intelligence platform, to parse and categorize tweets and feedback data. The e-platform collects more than 100 TB of sensor data a day, enabling the team to compile massive lists of bad web neighborhoods, files, and domains. The results were sobering and frightening. Spamming and scamming have moved to social media in full force, without question. In contrast to a similar study completed within the Twittersphere in 2010, blacklisting URLs indeed was effective at reducing the number of malicious links used in spam/scam campaigns.

Another major disconcerting factor in this research was the cascading problem resulting from the large numbers of compromised Twitter accounts. It truly is a vicious cycle. Compromised Twitter accounts can create exponential pain. Hijacked accounts trick other users into clicking on links and then continue to branch out to grab more credentials. In short, spam is sent to followers indicating that they should click on a link of interest. When the user clicks on the link from what appeared to be a trusted resource, the link produces a page that says the user's session has ended, and the user needs to log back into Twitter to read the message. Once this action occurs and the user inputs the credentials, it is game over. The user has been phished. The account becomes suspect and ripe to be hijacked with known credentials and used for malicious purposes.

This is most likely why we have seen such an increase in hijacked Twitter accounts from the news media and other highly visible industries. Couple this with the fact that many users still don't leverage two-factor authentication to protect their Twitter or other social media accounts, and you have a recipe for social media disaster. Fundamentally, this translated into 20,000 accounts a day potentially being compromised due to phishing campaigns, according to this research.

This can impact both mobile devices and traditional PCs -- anything leveraging a browser to input Twitter credentials. The Rand Corporation indicated in a recent Wall Street Journal article that compromised Twitter accounts were going for $16-$325 each within the shadow economy. Ironically, these are worth more than the going rate for stolen credit cards.

Social media platforms like Twitter are commanding the attention of threat actors. No matter if it is for hacktivism, cybercrime, or cyber-espionage, this is fertile ground for malicious intent and ill will. Actions can be leveraged to damage reputations and provide misinformation that can impact lives across the globe. Our own personal and professional brands are showcased in all of our social media activities.

Complete details on this research will be released at the Virus Bulletin International Conference this fall in Seattle. Please provide your comments in this forum, and we will be happy to try and address them. Also, check back here when the research is published in its entirety to see all the compelling findings made by the threat researchers.

JD Sherry has successfully implemented large-scale public, private, and hybrid clouds, leveraging the latest in virtualization technologies. For the past decade, JD has established himself as a trusted senior advisor and cloud security specialist for the Payment Card Industry ...
Comments
Monoranjang,
User Rank: Apprentice
7/14/2014 | 1:06:30 AM
Re: What is Twitter doing?
Yes... I think we can develop some apps which can help to trap the criminals. The concept would be same, how an antivirus software can detect & trap malicious software. In this case we would not just trap the malicious software & protect our system but also take legal actions against the criminals.
Marilyn Cohodas,
User Rank: Strategist
7/11/2014 | 9:41:03 AM
Re: What is Twitter doing?
Thanks for your comment @Monoranjang. Wondering if you have any specific thoughts on what Twitter & FB should be doing to catch criminals and spread user awareness.
Monoranjang,
User Rank: Apprentice
7/11/2014 | 2:24:23 AM
Re: What is Twitter doing?
While we develop secured antiviral softwares & use in our devices, it is very important to

1. Pass an Internal Cybercrime Law against the companies/organizations/individuals who is/are hosting hacking applications or playing any tricks to cheat users.

2. Big bosses of Twitter/Facebook must allocate a good budget to catch the criminals & spread awareness among people through their social networking apps.

 
jd.sherry,
User Rank: Author
5/21/2014 | 10:27:20 AM
Re: What is Twitter doing?
We all do love our apps don't we? Having one or more apps in all of the major stores is important, if not essential for businesses without question. However many times the apps have much more web components underneath than you realize. Talking to back end web/app servers (think Heartbleed) and other pieces of infrastructure that piece together the overall experience for the user. Organizations need to ensure that their apps and websites have a tightly integrated security fabric to make sure the experience from a mobile app is enjoyable but equally secure. I don't see a difference in security philosophy from either platform, web or mobile. In fact, the two are intrinsically intertwined.
JamieJ716,
User Rank: Apprentice
5/21/2014 | 4:33:53 AM
Re: What is Twitter doing?
All the social sites are doing well but now the smartphone mobile apps are going to be the Boss of all these.

 
jd.sherry,
User Rank: Author
5/2/2014 | 10:32:59 AM
Re: Preaching to the choir? (Hope not)
Marilyn,

It is pretty consistent across all my talks which can have participants that range from CEO to clerical staff. Even the security geeks are not immune to taking this unprotected approach unfortunately. Mobile malware (particularly Android OS) is the shift from traditional Windows/PC based attacks. More people are accessing sensitive sites and the internet in general from their mobile devices than PC's so that is where the attackers will focus and nefarious business models will flourish. Especially with so many of the users going without protection.
jd.sherry,
User Rank: Author
5/1/2014 | 9:29:44 AM
Re: What is Twitter doing?
Excellent insight on the intelligence factor. Totally agree with you there.
Marilyn Cohodas,
User Rank: Strategist
5/1/2014 | 9:29:23 AM
Preaching to the choir? (Hope not)
JD, I found it particularly disconcerting that in informal polling of the audience at your speaking engagements, so few (<25%) said they had a form of security software on their mobile device. Was there a difference in the response based on the composition of the audience? I'd be horrified if that was prevalent in your talks to security experts.

 
securityaffairs,
User Rank: Ninja
5/1/2014 | 4:47:52 AM
Re: What is Twitter doing?
Social media are a privileged target of cyber criminals and state-sponsored hackers. Many illicit activities are exploiting social media platforms like phishing, spear phishing, watering hole and malware based attacks. Social media allow instantly to reach a wide audience. Don't forget also that they are also an excellent instrument for OSINT activity and also the ideal tools for PSYOps (see Arab spring) 
jd.sherry,
User Rank: Author
5/1/2014 | 3:21:53 AM
Re: What is Twitter doing?
Blacklisting and account suspension is helping tremendously. I also think the continued education and adoption of two factor authentication is imperative.