Home / / Cybercriminals use Facebook to target businesses

Cybercriminals use Facebook to target businesses

Symantec warns of increases in targeted attacks; stolen identities being sold for just AED 30

Cybercriminals are using data from social networking sites to craft targeted messages.
Cybercriminals are using data from social networking sites to craft targeted messages.

Symantec sees an increase in cyber attacks targeting enterprises, aided by the vast amount of information publicly available through social networking sites like Facebook.

"A lot of attacks happening are web-based and social networks are great place for identity theft," said Johnny Karam, regional director for Symantec MENA, at a press conference to highlight the findings of the firm's 2009 edition of the Internet Security Report which found Saudi Arabia, the United Arab Emirates and Egypt all rank within the top fifty countries for malicious activity worldwide.

Regional technology manager Bulent Teksoz said that Symantec identified 240 million new and distinct malware last year, with a small proportion of that linked to social networking.

"We have identified a number of malicious code that is spreading through Facebook. If you compare it with all the 240 million distinct code identified, it's relatively small...but increasing", Teksoz stated. "What we have seen is its use in targeted attacks across enterprises; how to get to know the CEO and employees better so that they craft the message for them specifically. Cybercriminals want to know people; and how do you know people? Through social networking."

The increasing attacks have left a dent in the pockets of enterprises as well. A recent Symantec study surveying medium to large enterprises around the world, including those in the Middle East, found that $2 million was the average loss to an enterprise because of confidential data loss.

"The Middle East has become a hot spot for cybercriminals. The sheer amount of data loss and malicious activity we used to see in United States and United Kingdom has already moved to emerging countries such as the Middle East. Countries like the UAE, Saudi Arabi and Egypt are ‘soft spots' for them," Teksoz adds. There are several reasons for that shift including a lack of legislation around cybercrime in comparison to other developed markets, as well as poor user awareness of security issues.

Information available on social networking sites including Facebook and Twitter is often gathered by cybercriminals who use the data in attacks focused on individuals and enterprises, as well as for identity theft.

The startling fact is that cybercrime is no longer limited to just people with technical skills; anyone can buy sensitive and stolen information as long as they have they have enough cash. According to Teksoz, a customised 'attack-in-box' can be yours for $700 (about AED 2,500) and stolen identities are available through the underground economy for as little as AED 30 - 50.