Cybercriminals' use of Facebook, Twitter and other social media in targeting individuals with malware is an underreported problem that affects many organizations, says one security expert.
Security company Cyber Squared reported this week how three Chinese political activists in and outside of the country were sent tweets from Twitter that contained links to two compromised websites. The sites, which included a Chinese language forum and a Tibet-related WordPress blog, loaded Adobe Flash exploits.
The tweets were sent Feb. 28 under the malicious Twitter account @hahadaxiao1. Cyber Square notified the social network two days later about the account and the associated attacks.
Targeted attacks through social media tend to be undetected by companies, so the number of attacks is underreported, said Rich Barger, chief intelligence officer for Cyber Squared.
"I think this is entirely underreported and under-detected," Barger said. "I don't think folks are looking for it."
Twitter and Facebook are often used by cybercriminals to communicate with malware in an infected computer. One of the first examples was in 2009 when Symantec reported that a Facebook account was being used to send configuration data to a Whitewell Trojan. An actual command-and-control server handled all the other chores.
The use of social media to distribute malicious links to specific individuals makes sense because of the amount of personal information available to cybercriminals through social networks. Depending on how much of a person's profile is shared publicly, a criminal can sometimes learn enough to tailor a tweet or message to trick the recipient into clicking a link.
Also, the number of employees on social media is increasing, as companies incorporate the use of Twitter and Facebook for marketing purposes. As a result, social networks are often becoming the source for targeted attacks.
"It's growing in terms of its choice for attackers, especially when you consider how social media is being adopted almost as a standard business practice," Barger said.
The latest targeted attack shows how cybercriminals are broadening their tactics in going after individuals. In March, Kaspersky Lab reported how the hacked email account of a high-profile Tibetan activist was used in sending spear-phishing emails to not just Windows and Mac OS X computers but also Android smartphones.
"It demonstrates that in a targeted attack situation, the attackers aren't limited to a single vector," Holland said. "Whatever attack vector is required to accomplish mission objectives will be utilized."
To reduce risks, companies should make employees aware of the possibility of becoming a target by way of social media, Holland said. In addition, companies need to monitor traffic coming from social networks in order to spot abnormal behavior.
Sign up for Computerworld eNewsletters.