How Safe Is YOUR Social Network?
Post on 31-Aug-2014
5399 Views
Preview:
DESCRIPTION
Transcript
SOCIAL MEDIA STATS
49%FEMALE USERS
51%MALE USERS
310,000,000UNIQUE VISITORS
28%FEMALE USERS
72%MALE USERS
GOOGLE +
20,000,000UNIQUE VISITORS
27,500,000 48%FEMALE USERS
52%MALE USERSUNIQUE VISITORS
STUMBLE UPON
55%FEMALE USERS
45%MALE USERS
180,000,000UNIQUE VISITORS
25%FEMALE USERS
75%MALE USERS
13,752,948UNIQUE VISITORS
AVERAGE MINUTES PER VISITOR PER MONTH
6.75 HOURS
1.5 HOURS
PINTERESTTWITTER
21 MINUTES
17 MINUTES
GOOGLE +
3MINUTES
STUMBLE UPON
1.5 HOURS
SOCIAL MEDIA PRIVACY SCORESbased off of 260 metrics from data-collection to privacy policies.
1
.9
.8
.7
.6
.5
.4
.3
.2
.1
CLASSMATES.COM
MYSPACE HI5
FRIENDSTER
PRIV
ACY
SCOR
E
(weak)
(average)
(strong)
SOCIAL NETWORKING WORMS Enlist more machines into its botnet, and hijack more accounts to send more spam to enlist more machines. All the while making money with the usual botnet business, including scareware and Russian dating services.
Multiple worm attacks. Mikeyy worm started to spread via Twitter posts by encouraging you to click on a link.
1/6/2013TWITTER
TOP 10 THREATS
PHISHING BAITThe e-mail that lured you to sign into Facebook, hoping you don't pick up on the fbaction.net URL in the browser.
Phishing attacks designed to gain passwords for profit.FACEBOOK 5/18/2013
TROJANSURL Zone is a similar banking Trojan, but even smarter, it can calculate the value of the victim's accounts to help decide the priority for the thief.
SHORTENED LINKSURL shortening services (e.g., Bit.ly and Tinyurl) to fit long URLs into tight spaces. They also do a nice job of obfuscating the link so it isn't immediately apparent to victims that they're clicking on a malware install.
DATA LEAKSUsers share a bit too much about the organization -- projects, products, financials, organizational changes, scandals, or other sensitive information.
Passwords have been stolen. 6 million were compromised.LINKEDIN 6/6/2012
ADVANCED PERSISTENT THREATS (APT) is the gathering of intelligence about persons of interest (e.g., executives, officers, high-net-worth individuals), for which social networks can be a treasure trove of data.
BOTNETSTwitter accounts being used as a command and control channel for a few botnets. The standard command and control channel is IRC, but some have used other applications -- P2P file sharing in the case of Storm -- and now, cleverly, Twitter.
!
CROSS-SITE REQUEST FORGERY (CSRF)CSRF attacks exploit the trust a social networking application has in a logged-in user's browser. So as long as the social network application isn't checking the referrer header, it's easy for an attack to "share" an image in a user's event stream that other users might click on to catch/spread the attack.
IMPERSONATIONSeveral impersonators have gathered hundreds and thousands of followers on Twitter -- and then embarrassed the folks they impersonate.
TRUSTLike e-mail, when it hit the mainstream, or instant messaging when it became ubiquitous, people trust links, pictures, videos and executables when they come from "friends".
87% of small to medium-sized businesses do not have formal, written internet security policies.
70% of these businesses lack policies for employees’ use of social media, despite the fact that they are increasingly favored by cybercriminals for phishing attacks.
Once an attacker gains access to their account, they can easily find a way to mine more information and to use this to access their other accounts. The same is true for corporate accounts, which are publicly available on sites, like LinkedIn.
!
90% of sites don’t require a full name or date of birth for permission to join.
80% of users failed to use standard encryption protocols to protect sensitive user data from hackers.
71% of websites reserve the right to share user data with third parties in their privacy policies.
CLICK TO SEE THE FULL INFOGRAPHIC HERE:
RESOURCEShttp://preibusch.de/publications/Bonneau_Preibusch__Privacy_Jungle__2009-05-26.pdfhttp://www.hula-hub.com/2012/03/21/top-social-media-statistics-infographic-2012/http://www.marketingprofs.com/charts/2010/3596/social-networks-influential-not-always-trustedhttp://www.digitaladvocate.net/?p=504http://mashable.com/2012/11/28/social-media-time/http://www.networkworld.com/news/2010/010710-social-networking-hacks.html?page=2http://detroit.cbslocal.com/2012/06/06/report-linkedin-networking-site-hacked/http://blog.ussignalcom.com/blog-1/bid/278223/Cyber-Attacks-2013-Hackers-Exploit-Social-Mediahttp://about-threats.trendmicro.com/us/webattack/75/spam%20scams%20and%20other%20social%20media%20threatshttp://www.computerweekly.com/news/1280090217/Privacy-rankings-LinkedIn-and-Bebo-high-Facebook-and-MySpace-average-Badoo-low
top related