Social networks experiencing "dramatic rise" in hacker attacks
The amount of malware and spam targeted at social networking sites has soared by a huge 70% over the last year, with Facebook posing the greatest threat to corporate security, according to a new survey.
The poll undertaken among 502 organisations between November and December last year by anti-virus software vendor Sophos found that more than a third of respondents had been infected by malicious code from such sites during 2009, a rise of 69.8% over the previous year. Some 57% had also been hit by spam, an increase of 70.6%.
Graham Cluley, a senior technology consultant for the company, said that, because growing numbers of computer users were spending more time on social networking sites and routinely sharing valuable personal information, hackers were now following the money.
"The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organised cybercrime or risk falling prey to identity theft schemes, scams and malware attacks," he added.
Some 72% of those questioned for the company’s ‘Security Threat Report 2010’ expressed concern that staff behaviour in relation to social networking sites exposed the organisation to danger and put sensitive corporate data at risk.
A further 60% felt that the largest site, Facebook, posed the biggest security threat, even though nearly half allowed their staff unfettered access, a rise of 13% on a year ago. Next on the danger list were MySpace at 18% followed by Twitter at 17%.
While the business site LinkedIn was seen as worrying by a mere 4%, Cluley warned that it could still provide hackers with a good chunk of personal information.
"Targeted attacks against companies are in the news at the moment and the more information a criminal can get about your organisation’s structure, the easier for them to send a poisoned attachment to precisely the person whose computer they want to break into," he said.
Sites such as LinkedIn have the advantage for hackers of providing a form of corporate directory that lists staff names and positions, which makes it "child’s play" to reverse-engineer the email addresses of potential victims, Cluley added.