In business history, Facebook will probably be heralded as one of the fastest growing businesses of this decade. As a result, many companies have been tapping into the many business benefits of social networks. In summary, some of these benefits include:
1. The ability to attract talented employees who are part of the digital generation (i.e. people who have grown up with social networks as their method of communication).
2. The ability to have more productive employees. Some research has suggested that employees who take breaks, which can include chatting with friends, exploring new applications or playing games on the internet, are likely to be more productive at work.
3. The ability to quickly resolve a business problem by being part of a social network group of people who have similar interests and who can therefore give advice when an employee of that group encounters a problem.
With a current membership of roughly 175 million active members worldwide, it is no wonder that cybercriminals worldwide have targeted Facebook users to increase their revenue streams.
In this article we will examine the threat and its potential effects on corporate assets, using two recent examples of how cybercriminals have leveraged social engineering tactics to subject Facebook members to worms, trojans and other malware in order to infect an employee’s system.
In the second and third parts of this article we will examine the steps that organisations can take to protect themselves from social network based attacks, should they wish to allow social networks as a means of improving their employees’ productivity.
SPAM Attack
Facebook recently proposed some controversial changes to its terms and conditions, prompting a backlash from its membership. One enterprising hacker managed to propagate a series of notices using existing user accounts. The notice said that the user had allegedly been reported by a friend in their contact list for infringing the website’s terms and conditions, and instructed the user to click on a provided link, which led to an application named ‘F a c e b o o k - closing down!!!’. Once installed, the application posted the same spam message to all members in the victim’s contact list. Users who had inadvertently downloaded the malware had given hackers access to their profile.
Fortunately, Facebook has since disabled the application for violating the Facebook Developer Terms of Service; however, this was just one in a series of SPAM attacks on Facebook.
Worm Attacks
Another social engineering attack that hackers are using on social network users is to trick them into downloading worms. Only recently a new variant of the Koobface worm has resurfaced. The Koobface worm was first detected last July and tricked Facebook recipients into downloading further malware by sending them a message from a friend with text such as “You look funny in this video.” Clicking on the link provided takes the recipient to a Web site where they are prompted to download a Trojan masked as an Adobe Flash update. The new Koobface variant not only sends email from a friend with a fake YouTube link, but also pulls the friend’s Facebook picture and adds it to the bogus YouTube page.
Once the recipient is on the bogus YouTube page, the worm displays a message telling them that their version of Flash is incorrect and asks them to download an update. When the user tries to download the update, the error message below is displayed.

Figure 1 - Update error
However, the worm has actually dropped its malware into the Windows directory and executes it; part of that malware is the worm itself. Once on the Facebook user’s system, the worm uses the following procedure to infect further people.
1. Search for login cookies and pass this information to remote servers.
2. Connect to the website related to the user’s login cookies.
3. Navigate through the user’s website pages looking for the user’s contacts.
4. Once a contact is found, the worm will send a signal to a remote server.
5. The remote server will then reply with a message that will then be sent to the user’s contacts.
6. This new message will also contain a link to a site where a copy of this worm can be downloaded to any of the user’s contacts who click on the link from their friend.
More information on Koobface can be found at Kaspersky and McAfee.
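The infection chain described above (a link in a message from a friend, a bogus video page, then a download posing as an Adobe Flash update) leaves a recognisable sequence in web proxy logs. The following detection logic is an added example, not part of the original article; the log format, host names, file names and the ten-minute window are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta
from urllib.parse import urlparse

SOCIAL = ("facebook.com",)       # sites whose messages carry the lure link
VENDOR = ("adobe.com",)          # where a genuine Flash update would come from
WINDOW = timedelta(minutes=10)   # assumed maximum gap between click and download
EXE_TYPES = ("application/octet-stream", "application/x-msdownload")

# Constructed proxy log: time, client, url, referrer, content type
SAMPLE_LOG = """\
2009-03-02T09:14:05,10.0.0.21,http://www.facebook.com/inbox/,-,text/html
2009-03-02T09:14:40,10.0.0.21,http://video-share.example.test/watch?id=7,http://www.facebook.com/inbox/,text/html
2009-03-02T09:15:02,10.0.0.21,http://video-share.example.test/flash_update.exe,http://video-share.example.test/watch?id=7,application/octet-stream
2009-03-02T09:20:11,10.0.0.34,http://get.adobe.com/flashplayer/install_flash_player.exe,http://www.adobe.com/,application/octet-stream
2009-03-02T09:31:00,10.0.0.40,http://files.example.test/report.exe,http://intranet.example.test/,application/octet-stream
"""

def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def find_fake_updates(log_text):
    """Flag 'Flash' executables fetched from non-vendor hosts soon after
    the same client followed a link out of a social network."""
    lured = {}       # client -> (time, landing page) of last social click-through
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue                      # skip blank or malformed lines
        ts, client, url, referrer, ctype = row
        when = datetime.fromisoformat(ts)
        host = urlparse(url).hostname or ""
        ref_host = urlparse(referrer).hostname or ""
        path = urlparse(url).path.lower()
        if under(ref_host, SOCIAL) and not under(host, SOCIAL):
            lured[client] = (when, url)   # user left the social site via a link
            continue
        is_exe = path.endswith(".exe") or ctype in EXE_TYPES
        if is_exe and "flash" in path and not under(host, VENDOR):
            seen = lured.get(client)
            if seen and when - seen[0] <= WINDOW:
                findings.append({"client": client, "download": url,
                                 "lure_page": seen[1]})
    return findings

if __name__ == "__main__":
    for finding in find_fake_updates(SAMPLE_LOG):
        print(finding)
```

A hit identifies the workstation to isolate and the landing page to block at the proxy; the genuine vendor download and the unrelated executable in the sample are not flagged.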
Reputational Damage and Identity Theft
Social networks can also inadvertently cause reputational damage on a scale far greater than simply sharing corporate secrets down at the pub. When employees post information about their organisation to a social network, millions of other users can see the post. In addition, cyber criminals can potentially steal user identities from information posted or from an employee’s profile. This information can then be leveraged either to access the employee’s bank account or credit card details, or to gain further access to the corporate network via calls to the helpdesk or other departments in which the hacker poses as the employee.
Corporate Risk and Exposure
The threats listed above show several ways in which social networks can cause havoc within your organisation. Every employee within your organisation who is allowed to use social networks on corporate systems will at some point face the risk of at least one of the threats listed above, and more. The entry points used by cyber criminals include:
- Bogus pages of potential friends and groups
- Malicious file downloads from sent links
- Rogue applications designed for social networks
- Spam
The end goals of these attacks include:
- information theft
- malware infection
- loss of their online identities
- loss of financial assets
- cyber-bullying of contacts
Many of these attacks will be multi-vectored attacks such as the Koobface worm, which uses messaging, malware and remote servers as strategic components of its attack. Many employees add each other as friends in their social networks, so once one employee’s system is affected, it is only a matter of time before an epidemic could break out within your organisation.
Concerned? Then read parts 2 and 3 of Social Networks Under Attack, where we look at the different actions companies can take to enable users to safely use social networks for business productivity.