Source: Check Point Software Technologies
TWO MAJOR DROPBOX SECURITY INCIDENTS IN 2 YEARS
[Chart 3-H: Top Social Network Bandwidth Utilization (average utilization calculated within social network applications): Facebook 59%, Twitter 13%, LinkedIn 12%]
Legitimate Facebook Post or Virus?
As social networking continues to grow in popularity, organizations
face new challenges. Inadvertently posting sensitive project
information on social networking applications could harm an
organization's reputation, erode its competitive advantage or cause
financial loss. Hackers are leveraging new socially engineered
techniques to drive botnet activity. Embedded videos and links in
social networking pages are becoming popular spots for hackers to
embed malware. In addition to the security risks, social networking
applications create a severe problem of network bandwidth hogging.
Facebook is without a doubt the most accessed social network. Other
social networks visited during a work day (but significantly
less than Facebook) are Twitter and LinkedIn.
[Figure: A Facebook link leading to a malicious site]
Social Engineering Attacks - Case Study
Recent attacks indicate that hackers are shifting from regular
email to social networks as a distribution channel.
The following case is based on a real attack that took place
In July 2012, an attack on users of Dropbox took place.
Dropbox user names and passwords exposed in breaches
on another Web site were tested on Dropbox accounts.
The hackers used a stolen password to log into a Dropbox
employee’s account that contained a document with
users’ e-mail addresses. Spammers used those e-mail
addresses to send spam [22].
The incident illustrates a frequent tactic used by
hackers. Hackers will often steal user names and
passwords from sites which, at first glance, may not
contain any valuable financial or personal information.
Then, they will test those credentials across the Web
sites of financial organizations, brokerage accounts
and, apparently, Dropbox accounts, where potentially
more lucrative information may be found.
In 2011, a bug in a Dropbox software update made it
possible for anyone to log into any Dropbox account
as long as that person had the e-mail address of the
user. This bug exposed users’ shared documents and
information. The problem was fixed within several
hours but it served as a warning for both users and
for corporations whose employees use file sharing and
storage services, like Dropbox and Google Docs, to
store sensitive corporate information [23].