Panic At The Cisco(!): Facebook Malware On the Rise

If there’s one truism every security professional knows, it’s that there will always be a new threat to address. Newest to the table: Facebook malware. As long as your data can be sold, the attack landscape will never stop shifting.

In an attempt to quantify these new threats, Cisco’s Annual Security Report (ASR), published in January 2016, outlines a variety of trends and predictions, including a look at threat intelligence, broad industry insights and current security capabilities. Like Cisco’s Mid-Year Report, which reveals Facebook scams as the most common way to breach the network, the ASR calls out social media as an exploding new threat vector. According to the report, Facebook is now the #1 source of malware.

The graph below is "a collection of types of malware that cyber criminals use to gain initial access. These are the tried-and-true and most cost-effective methods of compromising large populations of users with relative ease." Facebook malware was the most commonly used attack method.

Facebook Malware Tops the List

Cisco’s data reported nearly 40,000 examples of Facebook malware, 16% more than the next highest attack vector and more than 10x as frequent as traditional email phishing.

This 2016 ASR comes out on the tails of a recently published PwC banking report which covered the top threats facing the financial industry. Unsurprisingly, ‘social media’ saw the largest jump from last year’s report on the list of top 24 concerns; social is now ranked #3 overall. Social media is particularly challenging for banks due to its power to damage a firm's reputation with or without sound evidence to support the claims, not to mention its popularity amongst malware distributors. The PwC report also mentions ‘technology risk’ and ‘criminality’ as top movers, both breaking into the 5 biggest risks. The overlap between criminality and social media makes social media cyber crime an even more pressing concern than the report suggests. Facebook malware is just one example of this dangerous new confluence.

The use of social media in the professional world is not going away anytime soon. Whether it is your marketers and salespeople engaging with customers or your brand account publically announcing a new product, social media is a reality for any modern corporation.

Social media security is becoming a key component in any security posture. Whether you are an SMB in rural Iowa or a Fortune 100 corporation on Wall Street, we are all digitally connected. This new IT system is the biggest on earth, and organizations are always scrambling to put IT security around new IT systems. Protection is paramount when it comes to providing a premium service to your customers, and social media is an avenue that most have, until recently, disregarded. However, now that security catastrophes are just a “Tweet” or friend request click away, social media security has never been more important for the security team.