There have been many cases of social networks overlapping security software this year. Whether they are using Twitter or Facebook for botnet control or propagating phishing links through shortened URLs, online criminals are finding ways to tap into the explosive growth of social networks and use that to exploit end users and their devices.
A recent article in SearchSecurity.com, “Hackers to sharpen malware, malicious software in 2010”, points to increasing sophistication in cybercriminals’ use of social networking sites. Robert Westervelt writes:
In an effort to sustain growth and pick up new users, more social networks are opening up their architecture to allow third-party applications. Cybercriminals can take advantage of this by developing applications out of the social network environment to target users. In addition, access to social network APIs gives attackers a roadmap to vulnerabilities in legitimate third-party applications and a way to tap into user accounts.
Changes in this environment mean that businesses will be more pressed than ever to set policies around the use of social networks on company IT resources, and this won’t be popular. It will be made all the more difficult by the fact that social networks aren’t just for personal use anymore. More businesses than ever are engaging in social media and using it to connect to customers, provide service, and promote their company.
Expect web site access control, application whitelisting and software asset management solutions to play an even more important role than ever on corporate networks. It will be essential that businesses both understand and control what applications their employees are using to defend against an increasingly prevalent threat.