Finance News & Insights

Best of FinanceTech: Dumb Facebook users: Hackers' new best friends

Hackers are increasingly taking aim at Web 2.0 social networking sites, but it’s still probably dumb users who are most dangerous to a company’s network.

A new report issued last week by the security pros at Secure Enterprise 2.0 found that cybercriminals and online mischief makers are stepping up their attacks on social networking sites, which they see as fertile ground for hijacking users and re-directing them to bogus sites.

As the use of social networking skyrockets, it’s no wonder that malicious techs have directed their attention at these sites.

More users equals more potential victims, so popularity is sure to make these sites the targets of nefarious folks.

But more interesting in the report is the fact that by far the most frequent outcome is the leakage of sensitive information — likely information that should never have been posted to the site in the first place.

And for that, you can blame dumb users.

When we say dumb, we’re not accusing users of being mentally incompetent. We’re using dumb in the ignorant sense: they don’t understand the technology they are using, or how easily what they post, or their identity, can be stolen.

Some facts from the report, which follows trends in the targeting of Web 2.0 sites during Q1 of 2009:

  • Web 2.0 services and sites lead the list with the highest number of all recorded incidents (21%).
  • The most popular attack vectors exploiting Web 2.0 features are SQL injection (21% of attacks) and authentication abuse (18%). An emerging threat is Cross-Site Request Forgery (CSRF), which currently ranks as the 6th most popular attack vector, with 8% of the reported attacks.
  • Leakage of sensitive information remains the most common outcome of Web hacks (29%), while disinformation follows with 26%, mostly due to hacking of online identities of celebrities.

If users in your organization are spending time on social networking sites, now might be a good time to educate them on the dangers they’ll find there.

Posting any information about your company or organization can lead to big trouble if a user’s online identity is stolen. Be sure to warn them that whether they’re using social networking sites for pleasure or business, there’s a risk to their activity that can impact them personally and professionally.

  • Anne

    My biggest problem is getting my co-workers to tell their friends NOT to send attachments that are known to have problems. One guy’s computer was down, so he was using the boss’ computer. He opened an attachment (from a friend) that sent a virus into the boss’ computer. His computer crashed and I had to deal with the aftermath. Needless to say, I was pissed! I told the guy to tell his friend, if I ever found him, he would not like the outcome of the meeting.

    I asked this guy why his friend sent him this attachment and he said ‘He thought it was funny!’. I said, ‘Funny to send a known virus to someone’s computer, especially the boss’!?’ The boss does not give his password out to anyone now! Anyone that goes in his office and tries to use his computer, even his sister, asks me what the password is. I say, ‘He changed it again?? Well, then I don’t know what it is. Sorry.’

    I love playing ignorant! It’s so much fun.