Jason Ding, Barracuda Networks
Social connections and interactions are the core value of today's online social media platforms, and they have greatly improved the efficiency of communication for both individuals and businesses. However, these same core features make it easy for attackers and spammers to reach large numbers of users once they have penetrated a social network.
Many social engineering tricks, such as click-jacking, phishing links and fake apps, can be delivered to millions of users in a short amount of time. Even when the same trick is repeated, it remains effective because of the way content propagates through social networks. We will present several examples of real attacks from the past year to illustrate the ongoing threat.
A major threat from social attackers is the fake social botnet. A fake social botnet consists of fake users or pages, fake apps, and fake interactions such as likes, follows or comments. These fake elements fundamentally break the trust model that every online social platform tries to build, and fake profiles and apps give attackers a long-lived path for continuously presenting malicious links and malware to innocent users. Accepting friend requests from fake accounts can lead not only to rampant spamming across your social network, but also to account takeover through Facebook's trusted friend account recovery feature.
We conducted a five-month study on Facebook, analysing over 2,000 Facebook profiles used by attackers. From the statistics gathered, we determined features and patterns that distinguish fake users from real ones, and built a feature-based heuristic engine to identify fake profiles. We also discovered a fake botnet on Twitter, uncovering a booming underground economy in bought and sold Twitter followers that involved hundreds of dealers, tens of thousands of abusers, and a large pool of fake accounts. Such fake account botnets can easily be used to spread malicious links and malware on a large scale.
Finally, we discuss the scale and nature of these malicious social activities and the fake account networks we uncovered, and alert the wider security community to the increasing threats and risks on online social networks.
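To make the shape of a feature-based heuristic engine concrete, the following is an added example written for this page; it is not Barracuda's engine, and the abstract does not list the features the study actually used. The feature set, the weights and the threshold below are all assumptions chosen for illustration, and the profile records are constructed sample data. The point it shows is that no single indicator is treated as decisive: a young account alone stays below threshold, while several weak indicators fired together push a profile over it.

```python
"""Toy feature-based heuristic for flagging suspicious social-media profiles.

Added example for this page, not the engine described in the abstract.
Features, weights and threshold are assumptions made for illustration;
the sample profiles are constructed, not real accounts.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Profile:
    name: str
    account_age_days: int
    friend_count: int
    post_count: int
    link_post_ratio: float       # fraction of posts that are bare external links
    has_profile_photo: bool
    friend_requests_sent: int    # outbound requests in the observation window
    accepted_requests: int       # how many of those requests were accepted


# Hypothetical features: (name, weight, predicate). Each predicate is a cheap
# check on the profile record; weights express how strongly it suggests a fake.
FEATURES: List[Tuple[str, int, Callable[[Profile], bool]]] = [
    ("new_account", 2, lambda p: p.account_age_days < 30),
    ("no_profile_photo", 1, lambda p: not p.has_profile_photo),
    # Mostly-link posting only counts once there are enough posts to judge.
    ("link_heavy_posting", 3,
     lambda p: p.post_count >= 5 and p.link_post_ratio >= 0.8),
    ("request_spray", 3, lambda p: p.friend_requests_sent >= 50),
    # Guard on sent >= 20 also avoids dividing by zero.
    ("low_acceptance", 2,
     lambda p: p.friend_requests_sent >= 20
     and p.accepted_requests / p.friend_requests_sent < 0.2),
    # Friend count growing faster than ~10/day over the account's lifetime.
    ("friends_outpace_age", 2,
     lambda p: p.account_age_days > 0
     and p.friend_count / p.account_age_days > 10),
]

THRESHOLD = 5  # assumed cut-off; tune against labelled data in practice


def score_profile(p: Profile) -> Tuple[int, List[str]]:
    """Return the summed weight of fired features and the list of their names."""
    total, fired = 0, []
    for name, weight, predicate in FEATURES:
        if predicate(p):
            total += weight
            fired.append(name)
    return total, fired


def classify(p: Profile, threshold: int = THRESHOLD) -> str:
    total, _ = score_profile(p)
    return "fake" if total >= threshold else "legit"


def triage(profiles: List[Profile]) -> Dict[str, str]:
    return {p.name: classify(p) for p in profiles}


# Constructed sample records (not real accounts).
SAMPLE_PROFILES = [
    Profile("alice_real", account_age_days=2400, friend_count=310, post_count=120,
            link_post_ratio=0.15, has_profile_photo=True,
            friend_requests_sent=4, accepted_requests=4),
    Profile("bot_0042", account_age_days=12, friend_count=480, post_count=60,
            link_post_ratio=0.95, has_profile_photo=False,
            friend_requests_sent=900, accepted_requests=480),
    # Young account with normal behaviour: one feature fires, stays under threshold.
    Profile("new_but_real", account_age_days=10, friend_count=35, post_count=3,
            link_post_ratio=0.33, has_profile_photo=True,
            friend_requests_sent=40, accepted_requests=35),
]

if __name__ == "__main__":
    for p in SAMPLE_PROFILES:
        total, fired = score_profile(p)
        print(f"{p.name:13s} score={total:2d} {classify(p):5s} fired={fired}")
```

In use, the weights and threshold would be fitted against the labelled corpus rather than set by hand, and the output would feed a review queue rather than an automatic ban, since a heuristic like this trades some false positives for coverage.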