Bromium and Dr. Mike McGuire, senior lecturer in Criminology at Surrey University in the UK revealed in the second installment of the series ‘Web for Profit’ that cybercriminals are exploiting social media platforms as vectors to facilitate their illicit activities.
The report was based in a six-month study entitled “Social Media Platforms and the Cybercrime Economy’. It explores the role of social media platforms in facilitating cyber crimes such as malware proliferation and criminal recruitment.
McGuire said that the concept of trusted connection that social media platforms -like Facebook, Twitter, Snapchat, and Instagram – offer are exploited as used to “amplify, persuade, and spread malware more quickly than email or other attack vectors.”
The ‘trust element,’ that is not present in emails is leveraged by cybercriminals to facilitate a ‘chain exploitation.’
These exploits include not only data phishing and posting malicious links but also advertising, plugins, and sharing of malicious content.
The study claims that illegal social media operations have grown more prominent and the industry allows cybercriminals to earn up to more than $3.25 billion every year. It also estimates that 40 percent of malware infections originate from advertising while 30 percent came from plugins and malicious apps.
McGuire revealed that one out of five organizations in the world had been exposed to the attacks and data and money have also been stolen from them. Reports about cyber attacks using social media platforms have drastically increased to an unbelievable extent of 30,000℅ between 2015 and 2017, in the US alone.
Furthermore, more than 1.3 billion users of social media platforms have had their data compromised in the last five years.
Open sales of botnet hire and data trading has also become rampant, and cybercriminals are now forging connections for illicit purposes such as laundering and fraud.
Criminal recruitment done in social media platforms are also said to be very alarming. Since 2016, there was a 36% increase in the hire of money mules using social media platforms.
“These platforms have brought money laundering to the kind of individuals not typically associated with this crime — young millennials and generation Z,” says McGuire. “Data from UK banks suggests there might be as many as 8,500 money mule accounts in the UK owned by individuals under the age of 21, and most of this recruitment is conducted via social media.”
ZD Net, a tech website, argues that banning social media platforms in workplaces impacts organizational communication, reduce the range of sales and promotional channels available, and may not match today’s consumer expectations that reputable companies will manage a social media presence.
“Businesses must resist knee-jerk reactions to ban social media use altogether,” says Gregory Webb, CEO of Bromium. “Instead, organizations can reduce the impact of social media-enabled attacks by adopting layered defenses that utilize application isolation and containment. This way, social media pages with embedded but often undetected malicious exploits are isolated within micro separate virtual machines, rendering malware infections harmless. Users can click links and access untrusted social-media sites without risk of infection.” /apr