Facebook security more important as e-mail spam levels drop

Spammers are moving on from mass e-mail blasts to targeted attacks using social networking sites like Facebook and LinkedIn, Cisco security executive Tom Gillis said Monday.

"2010 was the first year spam volumes went down," Gillis said during an onstage interview at DEMO Spring 2011. "Does that mean spam is less of a problem? No."

Spammers have found it can be more effective to use Facebook and other social networks to launch attacks targeted at specific companies or people, said Gillis, vice president and general manager of Cisco's security technology business unit and formerly an executive at IronPort Systems before it was purchased by Cisco.

Cisco recently tracked attacks launched via LinkedIn in which fake profiles were used to send connection requests that appear legitimate yet are used to install malware on a machine. These attacks can be launched against specific companies in an attempt to steal financial information.

With e-mail spam, it's not uncommon for 2 billion messages to be sent in a single attack, Gillis said. But spammers, in some cases, are now abandoning those types of attacks for the targeted ones using social networks that Gillis described. On Facebook, worms such as Koobface demonstrate this threat.

Websense defends Facebook

The security vendor Websense has developed a new tool called Defensio for Facebook specifically to help individuals and corporations protect their Facebook pages. The product was launched Monday on stage at DEMO.

"During this six-minute demo, more than 450,000 posts of malicious content, spam, spyware, phishing and fraud will be posted onto Facebook," said Websense CTO Dan Hubbard.

Defensio for Facebook works much like an antivirus program, except that it is completely Web-based and instead of scanning an operating system and applications, it just scans Facebook content, including wall posts, videos, photos, comments and URLs.

"This is a really easy way to see if your page is infected by something," Hubbard said.

In addition to running one-time scans, it can provide ongoing protection at levels decided by the user. For example, Defensio can block profanity in comments or malicious links. Defensio can either delete malicious content automatically or alert the page owner, depending on user-defined settings. While individuals can use Websense, it seems more likely to benefit corporations trying to promote and protect their brands across multiple Facebook pages.

Separately, Cisco's Gillis said that security must continue to adapt to both social networks and the proliferation of mobile devices. Within five years, mobile devices could be the primary tool used to access enterprise information, he said.

Personal and business data is being mingled, and virtualization is freeing applications from the binds of the hardware running underneath, he said.

Eventually, "security will be decoupled from the physical infrastructure," he said. Better models of authentication will be crucial. "The reason we have these problems is we don't know you are who you're saying you are," Gillis said.

Stories by Jon Brodkin
