Cyber criminals are becoming more clever every year when it comes to exploiting the trust of social media users and this translates into increased earnings, with malicious activities targeting social media platforms netting criminals roughly $3.25 billion per year.
To achieve such impressive results, the crooks have been quite busy, infecting one in five businesses with an active social media presence during 2018 and stealing approximately 1.3 billion social media accounts since 2013.
Additionally, as detailed by the "Social Media Platforms and the Cybercrime Economy" research by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey and sponsored by Bromium, social media-powered spear phishing attacks have also achieved a 30 to 60% success rate.
Social media-enabled crime quadrupled since 2013Out of an approximate total of $3 billion in yearly revenues generated using social media exploitation tactics, cybercriminals have been able to gain $1.9 billion via illegal pharmaceutical sales, $630 million from stolen data trading, $250 million using cryptomining malware, about $138 million via romance/dating fraud, and roughly $481 million by committing digital currency and financial fraud.
According to McGuire, "Data obtained from the ICC for this report shows reported crimes involving social media grew more than 300-fold between 2015-2017 in the US, while UK police data shows social media-enabled crime quadrupled between 2013 and 2018."
Malicious actors have also found success while taking advantage of the huge audience social media platforms expose because they can employ multiple malware delivery techniques to attack their targets.
More to the point, crooks were able to use malvertising campaigns, malicious add-ons, and plug-ins, web-based exploits relying on drive-by download attacks, as well as the highly popular funny video links that got "improved" with a malware twist.
"Social media platforms have become near ubiquitous, and most corporate employees access social media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals," commented Gregory Webb, CEO of Bromium. "Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high-value assets."
Social media used as crimeware marketplaceThe study also reveals that most social networks also come with an "over the counter" marketplace where various crimeware services and tools are being offered for sale, from a wide range of hacking tools and services, to botnets for hire and facilitated digital currency scams.
"Social platforms and dark web equivalents are becoming blurred, with tools, data and services being offered openly or acting as a marketing entry-point for more extensive shopping facilities on the dark web," stated Dr. McGuire.
Also, "For the enterprise, this raises a very real concern that the ready availability of cybercrime tools and services make it much easier for hackers to cyber attacks."
Social media-based attacks mitigationAs mitigation to the ever-increasing threat of social media-based cyber attacks, Bromium recommends application isolation as the most effective countermeasure:
Application isolation provides a unique defense against social media-enabled crime by isolating web pages and attachments within hardware-enforced virtual machines. If a user clicks on a malicious link or advert that contains malware, it is trapped and isolated from other applications and the network.
Using the application isolation method, both individuals and organizations can render malware completely ineffective, quarantining it from the main operating system and blocking the hackers' pathways to the loot.
"This allows employees to get on with their job without worrying about causing a breach, dramatically reducing harm to organizations and safeguarding high-value assets,"
concludes the report.
source
