Dark Reading is part of the Informa Tech Division of Informa PLC


4/29/2014
11:00 AM
JD Sherry
Commentary

Mobile & Social: The Tipping Point For Cybercrime

Spamming and scamming have moved to social media in full force, according to new research on the Twittersphere from Trend Micro.

Social media is fantastic. It continues to piece together the fabric of our lives, personally and professionally. Not only can you connect and socialize with friends new and old, but you can also network with colleagues about the latest in your field from around the globe at the speed of thought. It really is up to you to control how you interact with, consume, and share content.

The number of users flocking to platforms such as Facebook, Twitter, Instagram, Pinterest, and LinkedIn is exploding. Social media continues to permeate all demographics and all countries across the globe. With a population of hundreds of millions for each given platform, social media has become quintessential in how we live and carry out our daily lives.

Cybercriminals and threat actors will always shift focus to platforms of interest and capitalize on the popularity of an ecosystem. They do this to hunt easy prey and to carry out their elaborate and sophisticated business models. Even more so, they have come to realize that many consumers are accessing these platforms from unprotected devices. This would include mobile devices and PCs not equipped with standard anti-malware and web/domain reputation services, as well as packages that take direct aim at protecting user security and privacy within the social media realms.

We have fundamentally reached a tipping point in the number of online services we access via our mobile devices versus traditional PCs and desktops. This has created new challenges as we look to consume and browse safely among these social media services.

I have conducted informal surveys at nearly every speaking event in which I have participated. In most cases, not even 25% of the respondents indicate they have some form of security software on their mobile device. This question is usually raised after the question of how many use their mobile device more to access the Internet than a PC. Most people in the room raise their hand after that inquiry.

Certainly, with iOS and other closed mobile app stores, it is difficult to acquire these types of security countermeasures. Android has approximately 80% of the mobile market share globally, and users can buy protection against high-risk and mobile malware attacks, in addition to web and domain reputation services to check malicious links. But many consumers and organizations are not taking these critical precautions, and the malware producers and attackers are taking notice. Social media platforms and their unprotected users are directly in their crosshairs. Ultimately, the attacker's end goal is to continue the proliferation of their craft and the long-term viability of their business model.

The research
Senior threat researchers from Trend Micro and Deakin University in Australia collaborated on an effort to look at nefarious Twitter activity. Communication with Twitter support was part of this process to ensure the research benefited everyone involved with the social media platform.

The researchers used the Trend Micro Smart Protection Network, our cloud-based threat intelligence platform, to parse and categorize tweets and feedback data. The e-platform collects more than 100 TB of sensor data a day, enabling the team to compile massive lists of bad web neighborhoods, files, and domains. The results were sobering and frightening. Spamming and scamming have moved to social media in full force, without question. In contrast to a similar study completed within the Twittersphere in 2010, blacklisting URLs indeed was effective at reducing the number of malicious links used in spam/scam campaigns.

Another major disconcerting factor in this research was the cascading problem resulting from the large numbers of compromised Twitter accounts. It truly is a vicious cycle. Compromised Twitter accounts can create exponential pain. Hijacked accounts trick other users into clicking on links and then continue to branch out to grab more credentials. In short, spam is sent to followers indicating that they should click on a link of interest. When the user clicks on the link from what appeared to be a trusted resource, the link produces a page that says the user's session has ended, and the user needs to log back into Twitter to read the message. Once this action occurs and the user inputs the credentials, it is game over. The user has been phished. The account becomes suspect and ripe to be hijacked with known credentials and used for malicious purposes.

This is most likely why we have seen such an increase in hijacked Twitter accounts from the news media and other highly visible industries. Couple this with the fact that many users still don't leverage two-factor authentication to protect their Twitter or other social media accounts, and you have a recipe for social media disaster. Fundamentally, this translated into 20,000 accounts a day potentially being compromised due to phishing campaigns, according to this research.

This can impact both mobile devices and traditional PCs -- anything leveraging a browser to input Twitter credentials. The Rand Corporation indicated in a recent Wall Street Journal article that compromised Twitter accounts were going for $16-$325 each within the shadow economy. Ironically, these are worth more than the going rate for stolen credit cards.

Social media platforms like Twitter are commanding the attention of threat actors. No matter if it is for hacktivism, cybercrime, or cyber-espionage, this is fertile ground for malicious intent and ill will. Actions can be leveraged to damage reputations and provide misinformation that can impact lives across the globe. Our own personal and professional brands are showcased in all of our social media activities.

Complete details on this research will be released at the Virus Bulletin International Conference this fall in Seattle. Please provide your comments in this forum, and we will be happy to try and address them. Also, check back here when the research is published in its entirety to see all the compelling findings made by the threat researchers.

JD Sherry is Chief Revenue Officer for Remediant, Inc. He has spent the last decade in executive senior leadership roles at Optiv Security, Cavirin and Trend Micro, and has successfully implemented large-scale public, private and hybrid clouds emphasizing ...
Comments
Marilyn Cohodas,
User Rank: Strategist
4/30/2014 | 9:55:29 AM
What is Twitter doing?
Fascinating blog, JD, and thanks for raising the alarm. Wondering what, if anything, Twitter is doing to stem the explosion in hijacked accounts?