Spam and malware attacks on social networks have risen 70 percent in the last year, according to data protection firm Sophos. Thirty-six percent of respondents to Sophos’ survey have been sent malware over social networks in the past year, an increase of 69.8 percent. Fifty-seven percent of respondents have been spammed via social networks. “Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made,” said Graham Cluley, senior technology consultant for Sophos.
“The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks,” Cluley said.
Of course, part of the reason that attacks are up is that the time consumers spend on social networks is up. That said, I don't see a lot of care on the part of consumers, especially on Facebook, where quizzes and app invites fly around like wedding-day rice.
Based on a survey of more than 500 companies, Sophos concludes that seventy-two percent of businesses are concerned that employees’ use of social networks will expose company infrastructure to dangers.
The most feared site is obviously Facebook, which is seen as a security risk by 60 percent of respondents. The order of the others might surprise: MySpace (18 percent), Twitter (17 percent) and LinkedIn (4 percent).
While companies are concerned about the security of their data and infrastructure when employees visit social networks, almost half (49 percent) allow “unfettered access” to the sites while employees are at work, which is actually a 13 percent increase over last year.
Sophos suggests that LinkedIn is especially sensitive, not because of lax security, but because of the information it contains.
“Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff’s names and positions,” Cluley said. “This makes it child’s play to reverse-engineer the email addresses of potential victims.”
Sophos believes that too many sites are concentrating on increasing their market share at the expense of leaving existing users vulnerable to attacks.