Sophos report reveals increase in social networking security threats

Security Threat Report 2011

Sophos Security Threat Report 2011
Sophos has today published its annual Security Threat Report, looking back at the last twelve months and ahead to the threats we can expect to encounter during 2011.

Inside you’ll find a wide variety of threats discussed including:

  • Social networking threats
  • Fake anti-virus
  • Stuxnet
  • SEO poisoning
  • Data loss and encryption
  • Web threats
  • Email threats
  • Spam
  • Malware trends
  • Windows 7
  • Apple Macs
  • Mobile devices and smartphones
  • Cybercrime
  • Hacktivism

One of the key findings is that reports of social networking spam and malware attacks have risen once again.

By mid-2010, Facebook recorded half a billion active users, making it not only the largest social networking site, but also one of the most popular destinations on the web. Unsurprisingly, this massive and committed user base is heavily targeted by scammers and cybercriminals, with the number and diversity of attacks growing steadily throughout 2010 – malware, phishing and spam on the various social networks have all continued to rise in the past year.

Sophos polled users asking if they had received spam, phishing or malware attacks via social networks. This is how they responded:

Social networking survey results

To explain that graph another way:

  • 40% of social networking users quizzed have been sent malware such as worms via social networking sites, a 90% increase since April 2009
  • Two thirds (67%) say they have been spammed via social networking sites, more than double the proportion less than two years ago
  • 43% have been on the receiving end of phishing attacks, more than double the figure since April 2009

This isn’t just a problem for home users. Many people check their social networking accounts from the workplace, making the sites a potential vector for attacks against businesses.

There’s no doubt that cybercriminals are showing a much higher level of interest in the social networks than ever before, with Facebook being the site they are targeting the most.

Facebook’s recently clumsy introduction of a feature which would allow rogue application developers to access users’ mobile phone numbers and home addresses (and its subsequent temporary withdrawal while it rethinks its approach) makes me question whether privacy and security are part of the company’s DNA.

I see two possibilities.

Either Facebook simply doesn’t “get” security and privacy. Or it just doesn’t care.

I really hope it’s the former. Because if it is, there’s still a chance that Facebook can build a network that is secure for its users and will make its users’ privacy a top priority.

There’s a real problem, though, if Facebook just doesn’t care that much about privacy and security. Because 500+ million users are going to find it very difficult to wrench themselves away from the world’s most popular social network.

Download the Sophos Security Threat Report 2011

Download your free copy of the Sophos Security Threat Report 2011 now and learn more about not just social networking dangers, but also the many other security threats faced by businesses and computer users.