Site icon IT World Canada

Beware shortened URLs, geo-location in social media

Security vendor McAfee Inc. is warning of a rising security risk in 2011 in the 3,000 shortened URLs generated per minute for use on social media sites such as Twitter.

With the growing phenomenon that is social networking and instant communication, the popularity of shortened URLs in a limited character space is a ripe opportunity for cyber criminals, said Jim Galpin, Santa Clara, Calif.-based McAfee’s manager of Canadian consumer sales.

“People click on things and they really don’t know where they’re going to go, or what they’re going to get,” said Galpin.

It’s an incredibly lucrative business for hackers, who can easily drop malware on unsuspecting Twitter users in order to reap private information, said Galpin.

The challenge on the security side, said Galpin, is that the illegitimate sites and mixed in with legitimate ones. And illegitimate sites often morph to avoid detection. “It’s a constantly moving target,” he said.

IT departments can protect themselves by ensuring sufficient security investment in network devices to block potential harm, said Galpin.

The risk inherent in URL-shortening services on social media sites is just one prediction McAfee has made as part of its 2011 Threat Predictions report. Another, also pertaining to social media, is the increased hacker attention to geo-location services such as FoursquareGowalla and Facebook Places that track and publish the whereabouts of users.
 

“It gets a little scary,” said Galpin, explaining that cyber criminals can easily determine a user’s interests based on geo-location information and launch specific targeted attacks at that person.

It’s a vector attack that’s particularly alluring for well-funded organized crime, said Galpin. “The best security advice is really just being educated and know what to look for,” he said.

Social media aside, McAfee also predicts that 2011 will be the year when hackers up the ante on Mac-targeted attacks given the popularity of Apple devices such as the iPhone and iPad. So far, the primary mobile threat to Apple devices has been “jailbreaking” — when users are able to remove usage and access limitations set by Apple — but that’s about to change, said Galpin.

“It taps into the mobile platform, but it’s the growth in smart phone technology and whole proliferation of iPads and PC tablet market,” said Galpin.

In particular, as iPhones and iPads quickly become enterprise devices, cyber criminals will take advantage of the lack of user understanding of security, said Galpin. Apple botnets and Trojans will be a common occurrence in 2011.

San Diego, Calif.-based security vendor Websense Inc. warns that, as a result of the greater permeation of smart phones in the enterprise, smart devices will become the prime target of hackers in 2011.

Patrick Runald, Websense’s senior manager of security research, explains that IT departments will have to change their perspective on smart devices and start treating them like laptops.

“You wouldn’t allow a company-owned laptop to just connect anywhere without any type of security, which typically happens with these smart phone devices,” said Runald. “Well, why not use the same on iPads and iPhones and Androids?”

McAfee also predicts that 2011 will bring about nastier bots as a result of mergers and acquisitions in the botnet world. Botnets Zeus and SpyEye merged recently to produce what McAfee foretells will be even more sophisticated botnets capable of evading security mechanisms and law enforcement monitoring.

Follow Kathleen Lau on Twitter: @KathleenLau

Exit mobile version