The fastest-growing threat to corporate networks is Web-based social media applications, according to WatchGuard security researchers. These applications can seriously compromise network security, expose sensitive data and drain employee productivity.
The WatchGuard report predicted social networks will become the leading malware vector over the next few years for three reasons: the culture of trust they breed, the technical vulnerabilities inherent in many social networking sites (as Facebook founder Mark Zuckerberg just found out) and the popularity of social media sites, which makes them a target for hackers looking for a return on their investment.
Facebook, Twitter and YouTube ranked as the top three Web-based social media applications that pose a threat to businesses, followed by business-oriented social networking site LinkedIn, 4chan and Chatroulette, a Web chat platform. The report said that because most users leverage LinkedIn to form business relationships or find jobs, they tend to post more valuable and potentially sensitive information to this social network.
“One would assume that very little damage could be done in 140 characters, but this is an incorrect assumption. In some cases, Twitter’s short form posts lead to new vulnerabilities such as URL shorteners,” the report warned. “While URL shorteners can help save space in Twitter posts, they can also help hackers hide malicious links. Furthermore, Twitter suffers from many Web 2.0 and API related vulnerabilities that allow various attacks and even Twitter worms to propagate among its users.”
Many hackers spam their malware to the 4chan forums, the report cautioned, also noting that 4chan has been involved in many Internet attacks attributed to “anonymous,” which is the only username that all the site’s users can obtain. Hackers often create malicious Web pages that masquerade as YouTube video pages. Additionally, attackers like to spam the comment section of YouTube videos with malicious links.
“Now more than ever, businesses need security tools to manage the myriad of Web applications that flow in and out of corporate networks,” said Eric Aarrestad, vice president of marketing at WatchGuard. He said the complexity of Web 2.0 applications can lead to imperfect code, which exposes social networking sites to many Web application vulnerabilities, such as SQL injection and cross-site scripting (XSS).
“Furthermore, the whole concept of allowing an untrusted user to push content onto your Website conflicts with traditional security paradigms,” he said. “Simply put, this means social media sites are more likely to suffer from Web vulnerabilities than less complex and less interactive Websites.”