WARNING: More Sophisticated Facebook Attacks In 2012

Security vendors always warn that digital threats will become more sophisticated next year. That's the gist of Zscaler's prognostication for 2012.

The new year will bring with it new and far more serious Facebook security threats, warns those that make money protecting against these digital maladies.

Zscaler ThreatLabZ‘s Vice President of Security Research Michael Sutton said of Facebook in his 2012 predictions:

The majority of malicious activity surrounding social networks today primarily involves unwanted or nuisance traffic, as opposed to attacks that lead to a fully compromised machine.

We’re seeing an increase in likejacking and self-inflicted JavaScript injection attacks that have the same overall goal — drive web traffic or prompt software downloads that can earn the scammer a few cents per click.

Social networks such as Facebook are of value to more serious criminals, but mainly for reconnaissance during targeted attacks. They are a great resource for learning background information about individuals and uncovering relationships, all of which can be of great value for social engineering.

We’re not, however, commonly seeing the communication aspects of social networks used to deliver malicious payloads directly to victims or investments in uncovering web application vulnerabilities used to compromise end user machines, as opposed to spreading the aforementioned scams.

In 2012, attackers will raise the bar and leverage social networks for more sophisticated attacks, the goal of which will be full compromise, as opposed to marketing financial scams.

This prediction sounds like what security vendors say every year — always warning that future attacks will become more sophisticated, without providing real detail.

Readers, are you worried about security on Facebook?