The dangers of social networking: Enterprise security and Facebook malware

by HPNetworking on 10-31-2011 03:39 PM - last edited on 10-31-2011 06:47 PM

By John W. Pirc, Senior Product Line Manager, Global Network Security Products, HP Networking

 

In my last blog post, we covered a very timely use case on the dangers of Twitter direct-message phishing for user credentials. Hopefully that raised your awareness of shortened URLs and the potential dangers that one little click could have on your Internet identity.

 

 

Facebook users beware

 

Today we will cover how nefarious cyber actors are using Facebook mail to target and entice users to click on a link. I’m sure a lot of you are well aware of phishing scams that are sent to your personal or corporate email accounts. The security industry has educated, and continues to educate, on the importance of not clicking on those types of emails. Now, with the rampant adoption of social networking sites such as Facebook, you also have the ability to receive Facebook mail. One could argue that it’s not traditional email, but that does not matter, as this has been an effective way to distribute malware and phishing attacks. Facebook statistics indicate that they have over 800 million users, and a bad cyber actor can count on a percentage of those users clicking on some form of malware.

 

According to an article with research provided by BitDefender, almost 97% of Facebook and Twitter users “will blindly click on a link without checking for the presence of malware”. As a security expert, I don’t find that number surprising, as we sometimes get a false sense of security from having end-point and network security devices in the corporate network. However, sometimes that’s not enough, meaning education and awareness are paramount in reducing your risk profile. The following is a real use case of Koobface, which was classified as a computer worm but also categorized as a Botnet. Since Social Networking is being allowed in a lot of corporate environments, it’s important that you educate your workforce on the examples I’m about to show you.

 

In figure 1.0 below, I was sent a very enticing message, one that I know the individual would never send me, with the title “Nice! Your body looks awesome on this video”. As any security researcher would do, I accessed my account on a machine that I perform all my analysis on. Granted, this was sent to me on September 21, 2009, and at the time there was not enough information on Koobface. I decided to look up the IP reputation of the site that was embedded in the email and, based on the results, the IP reputation of the site was not good.

 


 

Figure 1.0 : Koobface message and IP Reputation

 

On further analysis of the website using network forensics, shown in figure 1.1, I uncovered two files that were downloaded to my system. With all the security in place, end-point and network based, minus IP Reputation, this attack was successfully carried out, as it was truly a zero-day attack.

 


 

Figure 1.1 : Analysis of Koobface

 

If I had had IP Reputation enabled on my HP TippingPoint IPS, access to this site that was distributing Koobface would have been blocked. This is important, as time-to-protection with IP Reputation is paramount when you’re dealing with these types of attacks within the corporate infrastructure. As you can see in figure 1.2 below, our filter coverage for this attack wasn’t added until Nov 2010, which would not have helped me in September 2010; however, the IP Reputation service provided by HP TippingPoint would have provided me proactive, timely protection.

 


 

Figure 1.2 : HP TippingPoint IPS Filter Coverage for Koobface
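The reputation check described above can be sketched as a small link gate. This is an added example, not HP TippingPoint code or code from the original post; the feed entries, resolver table, hostnames, threshold and fail-closed policy are all constructed assumptions, using documentation-reserved addresses so it runs offline.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed reputation feed: (network, score 0-100, higher is worse).
REPUTATION_FEED = [
    (ipaddress.ip_network("203.0.113.0/24"), 90),
    (ipaddress.ip_network("198.51.100.64/26"), 40),
]
# Constructed stand-in for DNS resolution so the example needs no network.
RESOLVER = {
    "video.example.net": "203.0.113.25",
    "photos.example.org": "198.51.100.70",
}
BLOCK_THRESHOLD = 80  # hypothetical policy threshold

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_hosts(message):
    """Return the distinct hostnames of all links in a message, in order."""
    hosts = []
    for url in URL_RE.findall(message):
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def reputation_score(ip_text):
    """Worst score of any feed network containing the address, 0 if unlisted."""
    ip = ipaddress.ip_address(ip_text)
    return max((s for net, s in REPUTATION_FEED if ip in net), default=0)


def evaluate_message(message):
    """Map each linked host to (ip, score, verdict)."""
    results = {}
    for host in extract_hosts(message):
        ip = RESOLVER.get(host)
        if ip is None:
            # Assumed policy: a host that cannot be resolved fails closed.
            results[host] = (None, None, "block")
            continue
        score = reputation_score(ip)
        verdict = "block" if score >= BLOCK_THRESHOLD else "allow"
        results[host] = (ip, score, verdict)
    return results


# Constructed sample message reusing the subject line quoted in the post.
SAMPLE = ("Nice! Your body looks awesome on this video "
          "http://video.example.net/watch?id=1 and http://photos.example.org/a")
```

The verdict depends only on where the link points, so it does not need a content filter for the specific malware to exist yet.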

 

Be vigilant

 

I can’t stress enough the importance of being proactive and not clicking on embedded links in Facebook and other online social networking sites. Clicking them not only increases the risk of compromise to critical assets within the corporate infrastructure but also to personally identifiable information on your home computer.

 

Stay tuned for my next blog article on social networking that will focus on privacy and situational awareness. Until then. . .stay social and stay secure!

 


Comments
by Matt Archer(anon) on 11-06-2011 07:41 PM

Great blog subject John!

 

Having the ability and awareness of an "IP Reputation", and the ability to access that with the Tipping Point portfolio are very useful as you have underlined in your blog.  I was surprised in one sense, but not really in another with respect to 97% of folks clicking blindly on these links on social networking sites.  It goes with the territory a bit, but it is very concerning, more so at an SMB & home user environment where end point security isn't as high.

 

Thanks for the food for thought, and great suggestions.

Kind regards,

Matt

by John Pirc(anon) on 11-07-2011 06:08 PM

Matt,

 

Thank you for the comments. I think you bring up a great point in terms of the SMB and home user. With the consumerization of IT and mobility (access anywhere/anytime), certainly brings challenges not only to the Enterprise but to the SMB and home user. Additionally, the rapid proliferation/use of Social Media, which is no surprise due to the dynamic nature and reach of the world wide web has been and will continue to be a target by nefarious cyber actors. I need to be careful here but to your point, is the SMB and home user at more risk? I’ve certainly read a lot of reports on security in the mid-market and the one that comes to mind was published by Darkreading “Why Small Businesses Are Vulnerable To Cybercrime -- And What They Can Do About It”, can be found here: Darkreading. It’s not surprising in this report that some…not all in the SMB don’t think they are enticing targets over a large corporation. Another fact from the report states that “SMB’s are twice as likely as individual consumers to suffer non-credit card fraud”. This is just one point of view but you can find other articles that have similar statistics and view points. However, with all the reports in the world and to your point, how can we better secure the home user and SMB. In keeping it simple, it revolves around People, Process and Technology. The biggest thing with People is education through articles such as this, which brings awareness on security threats and might provide insight on other technologies beyond just a Firewall and Anti-Virus. This drives process for Enterprises and SMB’s but not the home user…as I don’t have a Social Media policy for my household other than to my children ;-) In terms of technology, the same level of security at least in our product line scales from the Enterprise to the SMB. In terms of technology available to the home user, they are somewhat limited in terms of A/V and advanced filtering in their home router.
In my humble opinion, A/V is still relevant and vendors in this space have gone beyond just standardized A/V as the threat landscape moves…thus moving the technology.  In summary the best first step we can take is education across the Enterprise, SMB and home user and secondarily, taking a closer look at what we are purchasing from a security perspective.  Again, great question Matt and sorry for the long winded response but I do believe you have given me an idea for a blog that will provide insight to the SMB and home user.


 

by Toddjir(anon) on 01-05-2012 09:17 PM

This is very interesting and a great post. Email has long been the fastest way to get a virus on a computer system. And for all the reasons you said. Many people do not even think about clicking on links in email, they just blindly click. This could become a very serious problem with 800 million users on Facebook.
