Social Networking Risks To Watch For

 

Practically everyone today uses some sort of social networking utility to communicate on a personal or professional level. While social networks bring a market difference in how business is achieved and accomplished, the other side of the issue is the high risk that is presented in their utilization. When using social networks one must always be mindful of the various inherent security risks.

Botnets and other related worms are the most prevalent botnets located on social networks. One particular worm named Koobface is the largest threat to date as it propagates itself across many social networks including Twitter, Facebook, MySpace, Friendster and others. As the botnet recruits more and more personal computers, hijacks more and more user accounts and sends spam to recruit more machines, they continue to increase botnet business with operations such as dating services from Russia and various scareware. Twitter accounts are being used more and more as a command-and-control center for Botnets in peer-to-peer file sharing and other related methods.

Phishing schemes are another social network threat. E-mails and malicious links to trick you to sign in to your Facebook account while you do not notice the redirecting URL address in your browser. Facebook accounts have become compromised using this technique. When you look at the number of Facebook users, greater than 350 million and counting, the number of users who are tricked in this method are staggering.

Antivirus Trojans are another threat. There are many ‘click here’ schemes were curiosity gets the best of users and instead of an entertaining or interesting webpage users receive Trojans including Zeus, a banking Trojan that is responsible for financial theft. URL Zone is another banking Trojan threat with the ability to figure out the true value of the unsuspecting user's bank account and assist the cyber criminal and financial theft.

While many users share personal information on a social network, users are known to share far too much information. This can be a downfall to organizations as users discussed various projects, financial information, business products, changes within the organization, gossip and dirt, and other related confidential information. Personal and professional information that is shared in this manner can lead to damages ordering from embarrassing issues all the way to legalities, policies, and compliances.

URL addresses that are shortened to save space hide the original URL address. Unfortunately users do not realize the actual link they may be clicking. These shortened links are a hacker's dream, as they could lead to malicious websites.

Advanced persistent threats collects personal information and intelligence of individuals of interest, including officers senior executives and other high net worth persons. As individuals of this nature post their personal and professional information on social networks, this information can be used to promote greater threats such as Trojans and malware that allows access to sensitive network systems. In a related issue social networks also have geo-tagging and GPS location capabilities that can alert anyone to your present location. This activity provides more fodder for cyber criminals to exploit.

Cross site request forgeries are a special type of attack in that they exploit the certificate trust an application possesses while logged into the user's browser. While the social network application does not check the referring header, an attack can arrive in the form of sharing a photo or related image in the user stream enticing other users to click on and spread the propagation.

It is very easy to hack into a social network account and impersonate that particular user. Impersonating another individual usually ends in embarrassing information being passed along but can also include smear campaigns and the insertion of malware.

As with all file sharing and information sharing platforms, there is a great deal of trust that is implied. From e-mail to instant messaging to online social networks, far too many individuals automatically click on a picture, an e-mail or webpage link, play a video file, or run an executable file they believe arrived from a friend or family member. Most of the time it is a harmless action and reaction. But there is always that one moment where a hacker or cyber criminal has captured one more user into their lair.

A CISSP boot camp is a very comprehensive method for users and organizations to take advantage of, as it provides an all-encompassing training course involving information security. The current social and global climate is enough proof that information security is an issue not to be taken lightly. Identity theft, the theft and embezzlement of financial information as well as monetary funds, the theft of sensitive and proprietary data and other related actions are mitigated when the topics and issues of information security are put into practice. Certified information security specialists are in great demand all over the world. Sources including K Alliance are a wonderful source of information security training.

About Us: Next Generation Training contains training courses involving customized tutorials, individual training courses, enterprise training solutions for businesses, and distance learning courses. Business soft skills aid managers and executives, while PMP project management training courses bring the advantage of procedures and processes that guarantee successful project delivery. Improved skills and abilities breeds success in the areas of desktop training, certification training, and other important tutorials. Everyone benefits from the Next Generation Training courseware.