The threats that affect the Internet also affect social networking sites. On social networks people tend to lower their guard, and this makes it easier for malware to spread. In this blog we study the threats to social networks in recent years, analyze what attackers are after and how they carry out their attacks, and discuss countermeasures against these threats.
People can share multimedia data with others and keep in touch for fun on social networks. To users, a social network is like a virtual communication medium or an online community. A user creates a profile to introduce himself, logs into one of these networks and searches for other users with the same interests. Social networks have shown explosive growth in recent years. Social networking sites such as Instagram, Facebook, Twitter, LinkedIn and Pinterest have become very popular and are now the preferred method of communication for most people.
Attackers can gain important personal information very easily by using social networks. Information such as passwords, personal details and bank accounts can help attackers in a wide range of network crimes, including identity theft.
Social networking sites encourage users to provide their name, address, gender, date of birth, school, place of birth, interests and other personal information. This information is shared with other users, and attackers can find what they need by analyzing it. The more information users provide, the more information attackers get. Some social networking sites do not leave much room for users to provide important personal information, but attackers can still analyze a series of posts and gain what they want.
Why do attackers target you? & How do they do it?
Attackers attack for different purposes. We find that the targets of attacks on social networks are similar to those on the Internet in general. These purposes are listed below:
1. Just for Fun – The attacker just wants to play with you, to improve their reputation or to satisfy their own sense of accomplishment.
2. To Gain Access Control – Attackers take control of other users' computers and do what they want with them. At worst, the controlled computers are organized into a botnet to perform attacks such as DDoS (Distributed Denial of Service).
3. To Gain Personal Information – Important personal information is very useful to attackers. Private data such as passwords, bank accounts and social security numbers are exactly what attackers are looking for. Once attackers gain this information they can commit further crimes, even identity theft.
4. Company Information – On some social networks, such as LinkedIn, the users are business customers, so their personal information represents a vast reservoir of wealth.
5. IP Bounce – Once the attacker gains access to your system, he/she may use your MAC address and IP address to do illicit work from your PC without your knowledge.
6. Money – Most attackers want to gain bank accounts, private information and financial secrets.
These being the main motives for attacks, there are different types of attacks which the attacker/hacker uses to gain access to your information. Some of them are:
1. Flaws in third-party applications – Social networks such as Facebook allow users to add third-party applications in order to attract users. The more applications users add, the more flaws are brought in, and the greater the danger.
2. XSS (Cross-Site Scripting) – XSS can be injected into web page code and poses a great threat to users. Attackers can use XSS vulnerabilities to steal cookies, hijack accounts, run Flash content, force users to download malware, and so on. There are many interactions among users on social networks, and the large amount of shared information, including URLs with XSS flaws, attracts many users. Once a user clicks such a URL, the attack is triggered.
3. Phishing – On social networks an attacker can disguise himself as a legitimate user and use social engineering to entice other users to click a crafted URL. Users of social networks are willing to accept invitations from strangers and communicate with them, which opens the door to a phishing attack.
4. Denial of Service (DoS/DDoS) – A Denial of Service attack is a hacking technique that takes down a site or server by flooding it with so much traffic that the server is unable to process all the requests in real time and finally crashes. In this popular technique, the attacker floods the targeted machine with tons of requests to overwhelm its resources, which in turn prevents legitimate requests from being fulfilled.
5. Viruses, Trojans, etc. – Viruses and Trojans are malicious software programs which get installed on the victim's system and keep sending the victim's data to the hacker. They can also lock your files, serve fraudulent advertisements, divert traffic, sniff your data, or spread to all the computers connected to your network.
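On the site's side, the XSS vector in item 2 is blunted by encoding user-supplied text before it is placed in a page, refusing non-http(s) link schemes, and keeping session cookies out of reach of scripts. The following is an added example, not code from the original post; `escapeHtml`, `safeHref`, `renderPost`, `sessionCookie` and the sample post are hypothetical names and constructed inputs.

```javascript
// Added example: server-side rendering of a user post with output encoding.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs. javascript:, data: and relative values
// are rejected; the URL parser also strips embedded tabs and newlines first.
function safeHref(raw) {
  try {
    const url = new URL(String(raw).trim());
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
  } catch {
    return null; // not a parseable absolute URL
  }
}

// Render a post: the body is always encoded, the link is shown only if it is safe.
function renderPost(post) {
  const body = escapeHtml(post.text);
  const href = post.link ? safeHref(post.link) : null;
  const link = href
    ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer nofollow">${escapeHtml(href)}</a>`
    : '';
  return `<div class="post"><p>${body}</p>${link}</div>`;
}

// Session cookie that page scripts cannot read (HttpOnly) and that is sent
// only over HTTPS (Secure), limiting what a successful XSS can steal.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample input: markup in the body and a script-scheme link.
const samplePost = { text: '<script>alert(1)</script> nice photo!', link: 'javascript:alert(1)' };
console.log(renderPost(samplePost));
console.log(renderPost({ text: 'My blog', link: 'https://example.com/a?b=1&c=2' }));
console.log(sessionCookie('sid', 'abc123'));
```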
Countermeasures against these attacks
Now that we know why we get targeted and how they attack us, let's look at some countermeasures to be safer online.
• Users must understand the differences among social networking sites before joining them. Some sites only allow certain users access to your posts, while others allow anyone to view your posts.
• Users must control the content they upload. Users can permit only certain groups, such as classmates, clubs, colleagues and relatives, to visit their pages.
• Do not post your full name, social security number, address, telephone number, bank account or credit card numbers, and do not post the information of other users either. Any information that can reveal a user's identity must be published with care.
• Users should keep in mind that information they upload cannot be taken back. Even if users remove the information from the site, old versions of it still exist on other people's computers.
• Users should remain alert around strangers and not visit suspicious pages and links.
• Users should patch security holes in time. When a new attack breaks out, users should update their operating system or applications immediately.
• Users should be aware of the privacy settings available on the social media platform they are using. By using them they can restrict the flow of their personal information to a certain extent.
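The "do not post" rule above can be backed by a check that runs on a draft before it is published. The following is an added example, not part of the original post; `luhnValid`, `findSensitive`, the US-style SSN pattern and the sample draft are assumptions made for illustration, and the card number is the standard Luhn-valid test value.

```javascript
// Added example: flag identity and payment data in a draft post before publishing.

// Luhn checksum, used to tell real-looking card numbers from arbitrary digit runs.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) {        // double every second digit from the right
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Return a list of { type, index } findings for the draft text.
function findSensitive(draft) {
  const findings = [];
  // Assumption: US-style social security number, NNN-NN-NNNN.
  for (const m of draft.matchAll(/\b\d{3}-\d{2}-\d{4}\b/g)) {
    findings.push({ type: 'ssn', index: m.index });
  }
  // 13 to 19 digits, optionally separated by spaces or dashes, that pass Luhn.
  for (const m of draft.matchAll(/\b\d(?:[ -]?\d){12,18}\b/g)) {
    const digits = m[0].replace(/[ -]/g, '');
    if (luhnValid(digits)) findings.push({ type: 'card', index: m.index });
  }
  return findings;
}

// Constructed sample draft.
const draft = 'New job! HR needed my SSN 123-45-6789 and I paid with 4111 1111 1111 1111.';
for (const f of findSensitive(draft)) {
  console.log(`Remove before posting: ${f.type} at offset ${f.index}`);
}
```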
Machine learning algorithms have started taking over online security for users. With the help of ML, more spam is filtered out and access is being monitored (for example, Gmail or Netflix sending you an email about a login to your account from another computer). Since the technology is advancing at a fast pace, attackers will learn to adapt along with it. So it is our responsibility to stay safe and to post content and personal information on social media platforms wisely.
Disclaimer: The information above is gathered from various sources.