Network Attacks on Facebook, Twitter Tripled in 2009
By Joan Goodchild, CSO
As more organizations allow employees to use social media like Facebook and Twitter at work, cybercrime attacks on these networks have exploded, according to a report released Monday by IT security firm Sophos. Reports of malware and spam rose 70 percent on social networks in the last 12 months, the security survey reveals.
Sophos' investigation, titled "Social Security," finds 57 percent of users report they have been spammed via social networking sites, and 36 percent reveal they have been sent malware via social networking sites. The "Social Security" survey is part of Sophos' 2010 Security Threat Report, which looks at current and emerging computer security trends.
"Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made," said Graham Cluley, senior technology consultant for Sophos. "The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks."
While most of the 500 firms Sophos polled, 72 percent, were worried that workers' behavior on social networks is putting their business at risk, almost half of them, 49 percent, allow all of their staff unfettered access to Facebook and other social networking sites. (See also: Facebook, Twitter, LinkedIn: Security Pros Warm to Web 2.0 Access)
"The grim irony is that just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft on Facebook is increasing," said Cluley.
Survey respondents were also asked which social network they believed posed the biggest security risk and 60 percent said Facebook.
"We shouldn't forget that Facebook is by far the largest social network - and you'll find more bad apples in the biggest orchard," explained Cluley. "The truth is that the security team at Facebook works hard to counter threats on their site - it's just that policing 350 million users can't be an easy job for anyone. But there is no doubt that simple changes could make Facebook users safer. For instance, when Facebook rolled out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the internet."
The report also points out the inherent security problems presented by LinkedIn, which is a social network targeted to working people that allows them to network and job seek, among other things. Although LinkedIn is considered to be by far the least threatening of the networks, Sophos advises that it can still provide a sizeable pool of information for hackers.
"Targeted attacks against companies are in the news at the moment, and the more information a criminal can get about your organization's structure, the easier for them to send a poisoned attachment to precisely the person whose computer they want to break into," explained Cluley. "Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff's names and positions. This makes it child's play to reverse-engineer the email addresses of potential victims."