REPORT ON ATTACKS ON SOCIAL NETWORKING SITES

Context of the study Social media is now a hotbed for cybercriminal activity. Internet-based attackers are attracted to social networking sites because they make it is easy to find and engage targets. Moreover, they are convenient and cost-effective channels of attack. Also, it is easy to create fake accounts that will facilitate the quick spread of malicious software with significant efficiency. Problem statement Main problem: Cybercriminals are increasingly targeting social networking sites to access personal, corporate and banking information. Also, the study will illustrate the effects of such attacks on users- i. e. , how they are affected by such attacks. The focus will both be on the user at the enterprise level and the individual user with a straightforward personal account.

Essential comparisons will then be drawn on these attacks. Some attacks are politically motivated; others are motivated by personal differences by owners of the targeted social media accounts while others are motivated by criminal intent, mostly associated with stealing from bank accounts based on interned banking platforms. One of the most significant challenges in preventing attacks on social networking sites lies in the fact that they exist outside the network perimeter. Thus, threats to their security can manifest for extensive periods before endpoint security frameworks, and network perimeter can pick up behavior patterns associated with malicious software. The identification and mitigating of attacks on social networking sites, therefore, requires an in-depth understanding of this unfamiliar threat landscape. Fact-based comparison between newly recognized techniques and tricks and traditional network attack methods can be drawn and used for this course.

According to Neeraja, Arundathi, & Rao, all forms of social media are based on the theory of six degrees of separation. The theory suggests that any person can be connected to any other person on earth through a pattern of acquaintances with at most five intermediaries (with a total of six connections) the number of links in the chain is proportional to the number of acquaintances. Individuals in the first degree are the dearest friends and close family. As the degrees of separation increase, the trust and relation decrease. Therefore, by reducing the number of acquaintances, less links are available for exploitation and thus there is less cyber-attack risk. They must then limit access only to social networking sites that have apparent business interests and only to members with a business-based need to access them.

Also, when deliberating on which social network sites to allow employees access to, it is important to read through terms and conditions, and to consider their potential ability to give the developers permission to freely use, share or sell information and content. It is important that all employees acquire security awareness for social networking (Priya & Ahamed). It is also important that they carry out education on the enterprise’s acceptable usage policy. Such training will improve user behavior and promote good practice among employees- employees who understand the risks involved with haphazard and carefree sharing of information and content on social networking sites are likely to be extra careful not to expose the enterprise to cyber-attack. However, given that not all employees are responsible for adding information to company websites, third-party tools will ensure only a small controllable group of employees has access to company login information.

Even so, only trusted and risk-free app is to be used for this particular function. According to a study by the University of Phoenix, about 2/3 of US adults report that their accounts have been attacked in the past. It is common, in the United States, to hear of LinkedIn credentials being offered for sale in the black market (Dark Web). An estimated 75% of online adults use social networking sites, thus putting the number of hacked accounts at a very significant figure. Mr. Trump and his North Korean counterpart, Kim Jong Un, have in the past threatened use of nuclear weapons against each other on Twitter. One can only imagine the consequences of such accounts being hacked and perilous information being posted-there could potentially be war or great panic, if not both.

Moreover, celebrities including musicians and sports personalities are often exposed to impersonation attacks from adversaries’. Enterprises have also taken great hits from controversial information being posted about them. Other malicious software that can access an individual’s data through social networking sites includes a wide range of spyware, malware, and adware. An example of a sophisticated social media attack in the recent past includes the Locky app, a piece of malicious software spread through email attachments and malicious codes embedded into image files. Clicking and an opening of the image by the social media user would carry the consequence of locking down all the files in the user’s computer. Afterwards, a message would appear –the message demanded payment for the computer files to be freed.

Moreover, phishing accounts use social media to deceive users into providing banking details and passwords among other personal information (Nachenberg & Spertus, 2012). Footprinting in the social media context involves data collection to identify employees, brand accounts owned by the target companies and of their executives. Important information on email addresses, names and telephone contacts can be sourced from the organization’s publications and website, the news media among other sources to zero in on target social media accounts. Scanning seeks to establish systems and their specific IPs while enumeration involves pointing out the ports and services located on these target systems. Adversaries apply a similar strategy when plotting on attacking social networking sites but use different methods. In attacks on social networking sites targeting corporate networks and organizations monitoring and profiling, foot printing, impersonating and finally, attacking are involved.

Cyber scammers are now using clever trickery to make users call them to hand over cash –they provide pop-ups that direct the user to a number where fraudulent support representatives deceive users into sending them money. Spear phishing and scamming accounts are now arguably the most common attack channels used. There are more scammers and scamming accounts available on the internet as compared to the number of spear phishing attempts. However, spear phishing is growing at a faster rate compared to scamming. Moreover, attacks on companies and organizations were found to be common as compared to attacks on regular people. This particular security feature seeks to protect users who take advantage of public wifi services, which includes millions of people. In case of malware making it into a Facebook account, Facebook has a procedure for suspending the account and performing a security scan on it until it is secured from attack.

Similarly, Twitter has also implemented changes meant to improve the online security of its users. The company has made encryption available, just like Facebook’s, https://. The “always use HTTPS” tool option is available on the settings package for users. The goal is to actively collect information (Marshall, 1996). Interviews used in this study method investigated attacks of social networking sites –they sought to reveal the impact of hacking of social media accounts for financial and personal information. Company executives were asked about the policies that they implement to secure their social media accounts from security threats. Cyber security experts were also sourced for their contribution. Focus groups Focus groups are mini-seminars or workshops that involve planned discussion that aims to achieve specific objectives.

Moreover, the login information for access to social media accounts is a highly valuable commodity for cybercriminals. They can, after gaining access to social media accounts, take hostage of all computer documents and thus devastate the user into paying large amounts of money to get back important work and personal information. Enterprises are also common victims of social networking site attacks wherein their accounts are hijacked and used to publish embarrassing information – for instance, racial slurs, sexist comments and even abusive or offensive content- that could lead to loss of customer base and thus collapse of a company. Various strategies can be used to protect users, including enterprises, from social media account attacks. Such strategies include good password hygiene and limiting access to a company’s social media account to few individuals.