“Free stuff and sex,” says Bimal Parmar, VP of marketing at Faronics, “always attract people to click on the accompanying link.” This is particularly likely when the source is someone known and the trust factor is invoked. These factors, attractive offers and trust, come together in social networks, and are aggravated by the use of mobile devices connecting to the corporate network. This was the gist of a webinar delivered by Faronics yesterday: “The rise of cybercrime within social media.”
Most of the attacks are delivered as malicious links, disguised as shortened URLs. Social media users have no idea where the link will go, but tend to click on it because of inherent trust in the social media friend. “And that’s the problem,” explains Parmar, “because you may end up on a website and not do anything, but once you’re there, the website will drop a payload onto your machine. That’s the biggest danger in social media.”
The obvious solution, don’t join a social network, is not commercially realistic. Graham Cluley of Sophos is one security expert who has left Facebook because of his security concerns, but his company, Sophos, remains. “The traditional methods of marketing no longer work,” says Faronics. “You have to have a social media strategy. You have to encourage staff to be social, to spread the word; but then how do you protect yourself from the dangers?”
Parmar believes that there are only three defenses against social media infection: patch management, user education, and enforced acceptable use policies. Anti-virus software is necessary, and will do a sterling job, “but,” believes Parmar, “cannot stop all malware.” The growth of polymorphic viruses and effective exploit kits coupled with the social media attack vector means that companies will, not might, become infected. The blacklisting approach of anti-virus defenses can simply no longer cope with the sheer volume of new virus signatures.
The solution, says Parmar, is an additional layer of defense: whitelisting. Anti-virus products will blacklist known malware, but a whitelist of acceptable applications will prevent any malware that gets past AV from running.