Hackers are increasingly taking aim at Web 2.0 social networking sites, but it’s still probably dumb users who are most dangerous to a company’s network.
A new report issued last week by the security pros at Secure Enterprise 2.0 found that cybercriminals and online mischief makers are stepping up their attacks on social networking sites, which they see as fertile ground for hijacking users and redirecting them to bogus sites.
As the use of social networking skyrockets, it’s no wonder that malicious techs have turned their attention to these sites.
More users equals more potential victims, so popularity is sure to make these sites the targets of nefarious folks.
But more interesting in the report is the fact that by far the most frequent outcome is the leakage of sensitive information — likely information that should never have been posted to the site in the first place.
And for that, you can blame dumb users.
When we say dumb, we’re not accusing users of being mentally incompetent. We’re using dumb in the ignorant sense: dumb in the sense that they don’t understand the technology they are using, or how easily what they post, or their identity itself, can be stolen.
Some facts from the report, which follows trends in the targeting of Web 2.0 sites during Q1 of 2009:
- Web 2.0 services and sites lead the list with the highest number of all recorded incidents (21%).
- The most popular attack vectors exploiting Web 2.0 features are SQL injection (21% of attacks) and authentication abuse (18%). An emerging threat is cross-site request forgery (CSRF), which currently ranks as the 6th most popular attack vector with 8% of the reported attacks.
- Leakage of sensitive information remains the most common outcome of Web hacks (29%), while disinformation follows with 26%, mostly due to hacking of online identities of celebrities.
If users in your organization are spending time on social networking sites, now might be a good time to educate them on the dangers they’ll find there.
Posting any information about your company or organization can lead to big trouble if a user’s online identity is stolen. Be sure to warn them that whether they’re using social networking sites for pleasure or business, there’s a risk to their activity that can impact them personally and professionally.