Employees Extensively Using Social Networks, Putting Companies at Risk

Hackers are putting in their energies to spread their malware through social networking websites such as Facebook and Twitter as more and more workers are spending a great deal of their time on these websites. Consequently, the possibilities of spreading malicious codes across social networks and workstations have increased.

These findings have been made public by a recent report from the Secure Enterprise 2.0 Forum, an industry group endowed to promote safe use of social media at workplace. The report has studied the Web 2.0 targeted hacks recorded in the first quarter of 2009.

Another reason for shifting hackers' attention from e-mail to social networking websites is peoples' extensive use of these sites to communicate with family members, colleagues and friends.

David Lavenda, Vice President, WorkLightt, states that the use of e-mail for spreading malicious codes has reached the saturation level, resulting into hackers and spammers are switching to new frontier of social network, as reported by PCWORLD on May 10, 2009. WorkLightt was the vendor who sponsored the study.

Lavenda further states that the e-mail use for launching malicious attacks is steady. It is an electronic warfare game between spammers and security tools that has reached status quo. As people increasingly come online and adopt new social tools to stay connected with known ones, the opportunities of causing them harm also surge.

The forum has made analysis of recent web hacking incidents and found that Web 2.0 sites were the leading target of attacks occurred in Q1 2009. These kinds of attacks were more common with 21% of the total incidents.

The report also reveals that attack techniques using Web 2.0 features like user-generated content occupied the first place in Q1 2009, followed by authentication abuse at the second place. Authentication abuse accounted for 18% of the attacks, while Cross Site Request Forgery (CSRF) constituted 8% of the attacks to reach the sixth place.

Furthermore, loss of confidential information remained the leading outcome of web attacks (29%) followed by disinformation at the second position with 26%. This was primarily due to hacking of identities of celebrities.

Meanwhile, IT executives have said that social networking sites will stay, but they are trying to find out ways to provide employees what they need and at the same time protect the company.

Related article: Employees Pose Internal Risk in European Businesses

» SPAMfighter News - 5/14/2009