Sophos has today published its annual Security Threat Report, looking back at the last twelve months and ahead to the threats we can expect to encounter during 2011.
Inside you’ll find a wide variety of threats discussed including:
- Social networking threats
- Fake anti-virus
- Stuxnet
- SEO poisoning
- Data loss and encryption
- Web threats
- Email threats
- Spam
- Malware trends
- Windows 7
- Apple Macs
- Mobile devices and smartphones
- Cybercrime
- Hacktivism
One of the key findings is that reports of social networking spam and malware attacks have risen once again.
By mid-2010, Facebook recorded half a billion active users, making it not only the largest social networking site, but also one of the most popular destinations on the web. Unsurprisingly, this massive and committed user base is heavily targeted by scammers and cybercriminals, with the number and diversity of attacks growing steadily throughout 2010 – malware, phishing and spam on the various social networks have all continued to rise in the past year.
Sophos polled users asking if they had received spam, phishing or malware attacks via social networks. This is how they responded:
To explain that graph another way:
- 40% of social networking users quizzed have been sent malware such as worms via social networking sites, a 90% increase since April 2009
- Two thirds (67%) say they have been spammed via social networking sites, more than double the proportion less than two years ago
- 43% have been on the receiving end of phishing attacks, more than double the figure since April 2009
This isn’t just a problem for home users. Many people check their social networking accounts from the workplace, making the sites a potential vector for attacks against businesses.
There’s no doubt that cybercriminals are showing a much higher level of interest in the social networks than ever before, with Facebook being the site they are targeting the most.
Facebook’s recent clumsy introduction of a feature which would allow rogue application developers to access users’ mobile phone numbers and home addresses (and its subsequent temporary withdrawal while it rethinks its approach) makes me question whether privacy and security are part of the company’s DNA.
I see two possibilities.
Either Facebook simply doesn’t “get” security and privacy. Or it just doesn’t care.
I really hope it’s the former. Because if it is, there’s still a chance that Facebook can build a network that is secure for its users and will make its users’ privacy a top priority.
There’s a real problem, though, if Facebook just doesn’t care that much about privacy and security. Because 500+ million users are going to find it very difficult to wrench themselves away from the world’s most popular social network.
Download the Sophos Security Threat Report 2011
Download your free copy of the Sophos Security Threat Report 2011 now and learn more about not just social networking dangers, but also the many other security threats faced by businesses and computer users.
Nice cat!
What that report needs is a FERRET picture, not a cat picture!
Great report, I completely agree with the outlook for 2011. Whilst it is encouraging to hear that Facebook have taken a u-turn with applications’ access to confidential information, further steps should be taken to protect the 500+ million users, particularly as many users are very young. The use of popular trends and keywords on Twitter and Facebook looks set to continue for cybercriminals as a quick way to mislead others.
“Either Facebook simply doesn’t “get” security and privacy. Or it just don’t care.”
People are not aware of their attitude, but there will definitely be a day when nobody will join any social networks.
I don’t think anybody should post their original PII on any social networking website like FB…
Tried downloading the .pdf and it crashed Opera and the downloaded file was corrupted.
Hmm.. weird. It's working for me ok. Admittedly I haven't tried with Opera.
Here's the direct link http://www.sophos.com/sophos/docs/eng/papers/soph…
Anyone else having trouble?
Yes, I had a problem (twice), but after getting the direct link, it worked. I use Firefox on a MacBook with version 9.3.4 of Acrobat Reader. After fully downloading without download errors, Acrobat Reader said the PDF had errors when it opened the file. But when I used the direct link, it loaded correctly. Very weird, but I feel OS-X sometimes cannot associate PDFs when downloaded from a "redirected" link.
"Either Facebook simply doesn't "get" security and privacy. Or it just don't care."
It's neither. They are savvy enough to understand and protect their users. They do care, just not about us. They care about money in a big way. The more open and transparent they can trick us into being, the more money they earn from advertisers and developers. IMO they are much worse than the scammers, hackers and stalkers they are enabling. They have found a way to do it legally, even if morally questionable. The only thing that will change this is if they start losing a large number of users due to their policies. But even if they do lose current users, they are picking up enough new users to offset that. And Facebook users, like the voting public, have extremely short memories. They like to make a big stink at first, but then they sink back into their apathy.
Maybe though, it is just a huge experiment to see how stupid, gullible and clueless people really are. It seems most of their users have no clue about why or how they should protect themselves on social networks. Especially the younger users. I see plenty of my friends with kids on Facebook, and the parents have done nothing to protect their kids. Their information is public for the whole world to see.
Someday something else will come along, and Facebook will be a thing of the past, like Myspace. Until that day, I see little hope that Facebook will begin to respect the security and privacy of its users.
you can lead a horse to water …… this about sums up my experiences trying to pass on info about social networking (and most specifically Facebook) hazards. I share and email your info frequently and still I hear – my machine is infected!
Love the pic of Ginger
BTW I actually still prefer MySpace for keeping in touch
I appreciate the research Sophos conducts in the area of social network security. Keep up the great work! By personal observation and the logic of threat evolution, I agree that attackers are increasingly turning to social networking sites for fraudulent activities.
However, I would like to make a note regarding the specific method that Sophos used in this study to conclude that social networking threats are growing. The data is based on responses from social networking users. An alternative explanation for the observed increase in spam, phishing and malware is that the users are merely becoming better at noticing that they have been targeted with such attacks.
Lenny Zeltser http://blog.zeltser.com
Hello can you get printed copies?
Hey, thanks for posting such great information. I'm just a regular user but I appreciate tips and information on how to reduce your attack vector! Any tips to prevent drive-by downloads? (besides careful surfing)
“Because 500+ million users are going to find it very difficult to wrench themselves away from the world’s most popular social network.”
I suspect wrenching is not how things will happen. Weaning (due to the ‘souring’ of the social environment) seems a more likely mechanism.
Thanks for this report
I just don’t understand why these hackers do it or what they get out of it. I went online the other day and someone has changed ALL my passwords on all the sites I go on, from forums to iTunes, and I don’t understand how it happened as I thought I’d got a good antivirus on, Kaspersky. I’ve had to change it, but it’s a real pain when they do this to you. I wish they’d put it to some good use and help us, not hinder us.