Social Media Security Basics Infographic

NBC News, Steve Wozniak, Sarah Palin – all victims of social media hacks. It goes without saying that the ubiquity of social media apps is creating concern amongst enterprise infosec organizations. This Veracode infographic presents common social media hacks and explores how enterprises can mitigate the security concerns that stem from social media applications.

Veracode Social Media Security Basics


Infographic by Veracode Application Security

 

Barack Obama. Fox News. Britney Spears. Facebook. Dalai Lama. Lance Armstrong. What do all those people have in common? They’ve all had their Twitter accounts hacked.

Social media is more popular than it’s ever been, and so are viruses, malware and scams. Social media users must be familiar with the basics of security to stay safe.

 

Definition of Terms

Understanding how to be safe in the social networking environment means knowing the terms and issues users face.

 

Social Networking

  • The Big Four: Facebook, Twitter, LinkedIn, MySpace
  • Dozens More: Flickr, Google, Blogger, YouTube, Digg, etc.

 

The Perimeter

  • Social media lives “in the cloud,” which is more difficult to protect than traditional networks.

 

Viral Adoption

  • A system that evolves incrementally and gains momentum as it spreads.
  • The more interconnected we get, the more opportunity malware has to pop up.

 

Meme

  • The trending popular symbols, phrases and ideas.
  • Memes tend to “go viral.”

 

What is the Risk?

Social media is more than sharing information with friends and followers. It’s now ripe for viruses and attacks. So while social media is fun, there are risks.

 

Malware

  • Core distribution of malware is through social media sites.
  • Why is social media ripe for malware?
    • Decentralized
    • Interconnected
    • Mobile
    • Easy Access to Data

 

KoobFace – An example of recent malware on Facebook

  • KoobFace is a computer worm
  • It uses compromised computers to build a peer-to-peer botnet
  • KoobFace sent messages to Facebook users’ friends lists
  • KoobFace posted messages on Facebook walls so other friends would click
  • It was reported that KoobFace generated over $2 million in revenue

 

Targeted Attacks

  • Can defame your brand by hitting your followers
  • Further social engineering efforts
  • Data disclosure
  • Primary point of entry into organization

Attack!

Malware has a history of infecting Twitter and Facebook. But there are things users can do to minimize their risk.

 

Timeline of Twitter Attacks

  • 4/2007: SMS updates vulnerable
  • 8/2008: Trojan download attacks begin
  • 2/2009: Clickjacking attacks begin
  • 4/2009: XSS worm released
  • 4/2009: Internal admin tool hack
  • 6/2009: Trending topic abuse begins
  • 7/2009: Koobface
  • 1/2010: Banned 370 passwords
  • 5/2010: Force follow bug
  • 9/2010: Mouseover exploits found
  • 9/2011: Of top 10 most followed, only 2 have never been hacked
  • 9/2011: script_kiddiez rampage

 

Trending Topics Attack

Hackers watch the Twitter trending topics

  • Create or hack an account and send out spam trend messages with virus-laden links
  • Users click and … ATTACK!

 

Protect Your Passwords

  • 30% of people have passwords less than 6 characters
  • 60% of people have only alpha-numeric passwords
  • 50% of people use slang words, names, dictionary words or consecutive digits
  • ?? Secret Questions — easy to figure out
    • What does this mean? Passwords are easily hacked!
  • How to create a complex password:
    • Length: 8+ characters
    • Complex: letters, punctuation, symbols, and numbers
    • Variation: change passwords often (every 3 months)
    • Variety: Don’t use the same password for all your sites

 

Top 5 Categories of Facebook Spam

  • Stalking — 35%
  • Free stuff / social games (think Farmville dollars) — 16%
  • Shocking Curiosities — 14%
  • Features NOT offered by Facebook (poking) — 13%
  • Games NOT offered by Facebook — 8%
  • Other — 14%

 

Modes of Protection

It’s a dangerous world in social networking. Take steps to protect yourself!

 

Social Media Vendor

  • Implement better anomaly protection
  • Better warnings and alerts
  • Lock accounts
  • Analyze shortened links
  • Fix passwords and security questions

 

The Enterprise

  • Monitor outbound traffic
  • Educate employees on Social Media safety and best practices

 

How YOU Protect Yourself

  • Be careful who you friend and follow
  • Avoid add-ons
  • Don’t assume Twitter and Facebook are scanning for viruses
  • Scrutinize Bit.ly links
  • Always use the current version of your web browser
  • Keep Windows OS and Adobe current
  • You’re not safe just because you’re a Mac user
  • Be wary of email to you from social networks

 

Conclusion

You don’t have to avoid all forms of Social Media to be protected. But you do have to be aware of malware and scams. Educate employees as well on Social Media safety and best practices to reduce your company’s risk from costly losses and identity theft.


Some Basics on Social Media Security [Infographic] | Search Engine Journal | March 29, 2012 11:00 am

[...] Veracode released an infographic with what I think is some downright serious information (imagine that with my slight Texas accent). Social media has become an addiction in my opinion. People are checking Facebook and Twitter more than they check email now-a-days. Social media is also the foundation of many relationships for many people out there, so protecting accounts is important. [...]

Social Media security: How To Create A Complex Password [Infographic] | July 12, 2012 2:11 am

[...] and Mr. Dalai Lama – the man known as the symbol of peace. To avoid this stealing activity, Veracode application security testing platform has mapped an Infographic which will help people to stay safe from future hacking or getting your [...]
