A new study carried out by Bromium and Dr. Mike McGuire says that cybercrime through social media (Facebook, Twitter, LinkedIn, Instagram) is generating at least $3.25 billion in global revenue annually.
The report is based on three key factors: “how revenues are generated and which revenues are the most lucrative at present; how revenues are being moved around or laundered; and where revenues are spent or converted into other assets or activities”.
Another focus of the report is the range of malicious services offered openly on social networks, such as hacking tools, botnets for hire, and cryptocurrency scams. Crimes based on social media have grown significantly. More specifically, the numbers have jumped more than 300-fold in the period 2015-2017 in the United States. In the United Kingdom the numbers quadrupled in the years between 2013 and 2018. An important highlight of the report is that one in five organizations has been attacked by malware delivered through social media.
Financially-driven motivations represent the most important single driver of both the form and spread of cybercrime, the report notes. However, the “cybercrime as a business” definition is no longer adequate to capture its complexities. Here’s where the so-called “Web of Profit” comes into play – “a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting and maintaining criminal revenues at unprecedented scale”.
As already mentioned, social media-enabled cybercrime is generating $3.25 billion annually. As for the number of affected individuals, 1.3 billion social media users have been affected within the past five years. It’s also highly likely that some 50 percent of illegal data trading in 2017-2018 took place due to social media hacks and data breaches.
Social Media Gives Attackers an Easy Way in
According to Gregory Webb, CEO of Bromium, “social media platforms have become near ubiquitous, and most corporate employees access social media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals.” Thus, it is becoming increasingly easy for hackers to use social media as a Trojan horse in targeted attacks where employees unknowingly open the door to the enterprise’s “high value assets”.
Take cryptomining malware, which has been predominant over the last couple of years. An increase of 400 to 600 percent in cryptomining attacks has been registered since 2017, and many of these attacks were hosted on social media such as Facebook and Twitter, where you can get infected just by clicking on an app, ad or link.
In early 2018, it emerged that cybercriminals had been abusing Google’s DoubleClick network for a crypto-jacking attack – where malware runs the bitcoin mining software Coinhive on a victim’s computer. Elsewhere, in 2013, it was found that malware directed at the Instagram platform could artificially create likes in order to boost product profiles around brands (for a fee), the report says.
The LinkedIn network (https://sensorstechforum.com/ongoing-linkedin-phishing-attacks-target-how-to-evade/) has also been exploited in various ways. Users have been lured by fake accounts presented as company executives and vendors to reveal their personal details. Personal data can later be exploited in further phishing campaigns where malware is downloaded onto targeted corporate systems.
One phishing campaign distributed on LinkedIn was trying to trick users of the professional network into uploading their CVs. Scammers were sending emails about alleged job openings for active LinkedIn users (https://sensorstechforum.com/job-openings-active-linkedin-users-phishing-scam-detected/).