Beware shortened URLs, geo-location in social media

Security vendor McAfee Inc. is warning of a rising security risk in 2011 in the 3,000 shortened URLs generated per minute for use on social media sites such as Twitter.

With the growing phenomenon that is social networking and instant communication, the popularity of shortened URLs in a limited character space is a ripe opportunity for cyber criminals, said Jim Galpin, Santa Clara, Calif.-based McAfee’s manager of Canadian consumer sales.

“People click on things and they really don’t know where they’re going to go, or what they’re going to get,” said Galpin.

It’s an incredibly lucrative business for hackers, who can easily drop malware on unsuspecting Twitter users in order to reap private information, said Galpin.

The challenge on the security side, said Galpin, is that the illegitimate sites and mixed in with legitimate ones. And illegitimate sites often morph to avoid detection. “It’s a constantly moving target,” he said.

IT departments can protect themselves by ensuring sufficient security investment in network devices to block potential harm, said Galpin.

The risk inherent in URL-shortening services on social media sites is just one prediction McAfee has made as part of its 2011 Threat Predictions report. Another, also pertaining to social media, is the increased hacker attention to geo-location services such as FoursquareGowalla and Facebook Places that track and publish the whereabouts of users.


“It gets a little scary,” said Galpin, explaining that cyber criminals can easily determine a user’s interests based on geo-location information and launch specific targeted attacks at that person.

It’s a vector attack that’s particularly alluring for well-funded organized crime, said Galpin. “The best security advice is really just being educated and know what to look for,” he said.

Social media aside, McAfee also predicts that 2011 will be the year when hackers up the ante on Mac-targeted attacks given the popularity of Apple devices such as the iPhone and iPad. So far, the primary mobile threat to Apple devices has been “jailbreaking” — when users are able to remove usage and access limitations set by Apple — but that’s about to change, said Galpin.

“It taps into the mobile platform, but it’s the growth in smart phone technology and whole proliferation of iPads and PC tablet market,” said Galpin.

In particular, as iPhones and iPads quickly become enterprise devices, cyber criminals will take advantage of the lack of user understanding of security, said Galpin. Apple botnets and Trojans will be a common occurrence in 2011.

San Diego, Calif.-based security vendor Websense Inc. warns that, as a result of the greater permeation of smart phones in the enterprise, smart devices will become the prime target of hackers in 2011.

Patrick Runald, Websense’s senior manager of security research, explains that IT departments will have to change their perspective on smart devices and start treating them like laptops.

“You wouldn’t allow a company-owned laptop to just connect anywhere without any type of security, which typically happens with these smart phone devices,” said Runald. “Well, why not use the same on iPads and iPhones and Androids?”

McAfee also predicts that 2011 will bring about nastier bots as a result of mergers and acquisitions in the botnet world. Botnets Zeus and SpyEye merged recently to produce what McAfee foretells will be even more sophisticated botnets capable of evading security mechanisms and law enforcement monitoring.

Follow Kathleen Lau on Twitter: @KathleenLau

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now