Security Giant Sophos Criticizes Facebook for Surge in Social Network Attacks

According to the latest security report published by Sophos, spam and phishing attacks on social networking sites have substantially increased over the past year. Of the 1000 respondents who were polled, around 82 percent named Facebook as the biggest threat to security. This is a 22 percent increase compared to last year's survey.

Sophos polls suggest that around 40 percent of the users quizzed have received malware such as worms via social networking sites. This is a nearly 90 percent increase since April 2009.

According to the survey, the proportion of spam has doubled since April 2009. Two thirds (67 percent) of the users had been spammed through social networking sites. The incidence of phishing attacks also doubled since April 2009, with 43 percent on the receiving end of phishing attacks.

Graham Cluley, senior technology consultant at Sophos, said:

“The problem of security threats posed by social networks is not limited to only home users. Access to social networking accounts from the workplace makes the sites a potential vector for attacks against businesses.”

Cybercriminals are showing a drastically higher level of interest in social networks than ever before, with Facebook being the site they target the most. The report cites Facebook’s app system as a major security vulnerability. Facebook allows any user to create an application with a wide range of powers to interact with data stored on user pages and cross-site messaging systems. These applications, like survey scams, can then be installed and run on any user’s page.

Sophos wants Facebook to employ a “walled garden” approach to address the app problem, similar to what Apple’s App Store does. Applications in Apple’s App Store require official approval from Apple before they can be uploaded to the site and shared with other users. Such an initial check prevents fraudulent and scam apps from making their way into the store. If Facebook employs this functionality, a lot of issues could be resolved before they go viral on Facebook.

Graham Cluley also criticized Facebook’s awkwardly developed features, which allow rogue application developers to access users’ private information. “Either Facebook simply doesn’t ‘get’ security and privacy. Or it just doesn’t care,” he said.

According to Cluley, if Facebook keeps ignoring privacy and security concerns, there will be serious problems.