Sophos reported that cyber attacks on social networking sites nearly doubled in 2010, a clear sign that the threat continues to grow at an alarming rate. A study by the IT security and control firm reveals dramatic increase in malware, phishing and spam through social networks, most prominently Facebook.
The findings from the Sophos Security survey showed that 95,000 malware pieces were tracked every day last year, nearly double the number in 2009. This accounts for one unique file every 0.9 seconds, 24 hours per day, each day of the year.
According to Sophos, 40 percent of social networking users quizzed have been sent malware such as worms via social networking sites, a 90 percent rise since April 2009. Sixty-seven percent say they have been spammed via social networking sites, more than double the proportion less than two years ago, while 43 percent have been on the receiving end of phishing attacks, more than double the figure since April 2009.
Unsurprisingly, scammers and malware purveyors targeted this massive and committed user base, with the number and diversity of attacks growing steadily throughout last year, says Sophos.
Rogue applications, clickjacking, survey scams – all unheard of just a couple of years ago, are now popping up on a daily basis on social networks such as Facebook, says Graham Cluley, senior technology consultant at Sophos.
One of the more common types of attack hitting Facebook users is clickjacking that use maliciously created pages where the true function of a button is concealed beneath an opaque layer showing something entirely different, says Sophos. Often sharing or liking the content in question sends the attack out to contacts through newsfeeds and status updates, spreading the scam.
Why aren't Faceboook and other social networks doing more to prevent spam and scams in the first place? asks Cluley. People need to be very careful they don’t end up being conned for their personal details, or get tricked into clicking on links that could earn money for cybercriminals or infect innocent computers.
A poll by Sophos in June 2010 found that 95 percent of respondents wanted Facebook to do more to prevent likejacking attacks - essentially clickjacking by liking something on Facebook - and urged the site impose stricter controls on the plugin.
The social media site, however, is either unable or unwilling to invest the necessary resources to stamp it out, says Sophos.
Sophos advices Facebook and other social network operators to impose a comprehensive opt-in system for all user content that would make it clear exactly what will be visible to whom and force users to make an explicit choice of how open to make their information. Such an approach would drastically improve the security of potentially sensitive information.
Understanding of the threats, the threat methods and the tools to protect ourselves now and in the future is the best and simplest way to minimize the danger, concludes Sophos.