The fastest growing threat to corporate networks is Web-based social media
applications, according to WatchGuard security researchers. These applications
can seriously compromise network security, expose sensitive data and create
productivity drains on employees.

The WatchGuard report predicted social networks will become the leading
malware vector over the next few years for three reasons: the culture of trust
they breed, the technical vulnerabilities inherent in many social networking
sites (as Facebook founder Mark Zuckerberg just found out) and the popularity
of social media sites, which makes them a target for hackers looking for a
return on their investment.

Facebook, Twitter and YouTube ranked as the top three Web-based social media
applications that pose a threat to businesses, followed by business-oriented
social networking site LinkedIn, 4chan and Chatroulette, a Web chat platform.
The report said that because most users rely on LinkedIn to form business
relationships or find jobs, they tend to post more valuable and potentially
sensitive information to this social network.

"One would assume that very little damage could be done in 140 characters,
but this is an incorrect assumption. In some cases, Twitter's short form posts
lead to new vulnerabilities such as URL shorteners," the report warned. "While
URL shorteners can help save space in Twitter posts, they can also help hackers
hide malicious links. Furthermore, Twitter suffers from many Web 2.0 and API
related vulnerabilities that allow various attacks and even Twitter worms to
propagate among its users."

Many hackers spam their malware to the 4chan forums, the report cautioned. It
also noted that 4chan has been involved in many Internet attacks attributed to
"anonymous," the only username that the site's users can obtain.
Hackers often create malicious Web pages that masquerade as YouTube
video pages. Attackers also like to spam the comment sections of
YouTube videos with malicious links.

"Now more than ever, businesses need security tools to manage the myriad
of Web applications that flow in and out of corporate networks," said Eric
Aarrestad, vice president of marketing at WatchGuard. He said the complexity of
Web 2.0 applications can lead to imperfect code, which introduces social
network sites to many Web application vulnerabilities, such as SQL injection
and cross-site scripting (XSS) attacks.

"Furthermore, the whole concept of allowing an untrusted user to push
content onto your Website conflicts with traditional security paradigms,"
he said. "Simply put, this means social media sites are more likely to
suffer from Web vulnerabilities than less complex and less interactive Websites."