SecurityBrief New Zealand
New Zealand's leading source of cybersecurity and cyber-attack news

Cybercriminals earning over $3billion annually exploiting social platforms

By Kai Ping Lew
Mon 11 Mar 2019

Malware prevention company Bromium has announced the findings of an independent academic study into cybercriminals’ increasingly aggressive exploitation of social media platforms.

The report details the range of techniques utilised by cybercriminals to exploit trust and enable rapid infection across social media.

It also details the range of services being offered in plain sight on social networks, including: hacking tools and services, botnets for hire, facilitated digital currency scams and more.

The findings come from Social Media Platforms and the Cybercrime Economy, an extensive six-month academic study sponsored by Bromium and undertaken by University of Surrey criminology senior lecturer Dr Mike McGuire.

The study examines the role of social media platforms in the cybercrime economy.

Key insights include:

  • Social media-enabled cybercrimes are generating at least $3.25billion in global revenue annually

  • One in five organisations have been infected with malware distributed via social media

  • Reports of cybercrime involving social media grew more than 300-fold between 2015 and 2017 in the US, and social media-enabled crime quadrupled between 2013 and 2018 in the UK

  • Over 1.3 billion social media users have had their data compromised within the last five years, and between 45% and 50% of the illicit trading of data from 2017 to 2018 could be associated with breaches of social media platforms

  • Four of the top five global websites hosting cryptomining code are social media platforms

  • The number of enterprises infected by cryptomining malware doubled from 2017 to 2018

  • Social media platforms contain up to 20% more methods by which malware can be delivered to users – e.g. through adverts, shares, plug-ins – than comparable sources, such as eCommerce, digital media or corporate websites

  • Social media has fueled a 36% increase in the recruitment of ‘millennial money mules’ since 2016 and has increased fraud revenues by 60% since 2017

Bromium CEO Gregory Webb says, “Social media platforms have become near ubiquitous, and most corporate employees access social media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals.” 

“Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high-value assets.

“Understanding this is the first step to protecting against it, but businesses must resist knee jerk reactions to ban social media use – which often has a legitimate business function – altogether,” Webb says.

“Instead, organisations can reduce the impact of social media-enabled attacks by adopting layered defenses that utilise application isolation and containment,” he says.

“This way, social media pages with embedded but often undetected malicious exploits are isolated within separate micro-virtual machines, rendering malware infections harmless.

“Users can click links and access untrusted social-media sites without risk of infection.”

Cryptomining and digital currency scams

Since 2017 there has been a 400 to 600% increase in the amount of cryptomining malware being detected globally, the vast majority of which has been found on social media platforms. Of the top 20 global websites that host cryptomining software, 11 are social media platforms like Twitter and Facebook.

Apps, adverts and links have been the primary delivery mechanism for cryptomining software on social platforms, with the majority of malware detected by this research mining Monero (80%) and Bitcoin (10%), earning $250million per year for cybercriminals.

“Facebook Messenger has been instrumental in spreading cryptomining strains like Digmine,” says McGuire.

“Another example we found was on YouTube, where users who clicked on adverts were unwittingly enabling cryptomining malware to execute on their devices, consuming more than 80% of their CPU to mine Monero.

“For businesses, this type of malware can be very costly, with the increased performance demands draining IT resources, network infections and accelerating the deterioration of critical assets.”

In addition, social platforms have become increasingly important to the business of digital currency scams involving fraudulent crypto-currency investments.

“One trend on social media has been the hijacking of trustworthy verified accounts,” says McGuire.

“In one case, hackers took over the Twitter account for UK retailer Matalan and changed it to resemble Elon Musk’s profile.

“Tweets were then sent out asking for a small bitcoin donation with the promise of a reward. Safe to say, nobody who donated got anything in return.”

Social media in the middle of chain exploitation and malware attacks

The report found crimeware tools and services widely available on social media platforms.

Up to 40% of inspected social media sites had a form of hacking service offering hackers for hire, hacking tutorials and tools to help hack websites.

Social media platforms also enable an underground economy for the trading of stolen data, such as credit card details, earning cybercriminals $630million per year.

“Social platforms and dark web equivalents are becoming blurred, with tools, data and services being offered openly or acting as a marketing entry-point for more extensive shopping facilities on the dark web,” says McGuire.

“One account on Facebook offers the opportunity to trade or learn about exploits and advertises on Twitter to attract buyers. We also found evidence of botnet hire on YouTube, Facebook, Instagram and Twitter, with prices ranging from $10 a month for a full-service package with tutorials and tech support to $25 for a no-frills lifetime subscription – cheaper than Amazon Prime.

“For the enterprise, this raises a very real concern that the ready availability of cybercrime tools and services makes it much easier for hackers to launch cyber attacks.”

Social media platforms have become a major source of malware distribution.

The research found that up to 40% of malware infections on social media come from malvertising, and at least 30% come from plug-ins and apps, many of which lure users in by offering additional functionality or deals.

Once the user clicks, the malware executes – allowing hackers to steal data, install keyloggers, deliver ransomware, persist and hide for future attacks and so on.

The spread of malware is facilitated by large user bases and the fact that many social media sites share user profiles across platforms, enabling “chain exploitation”, whereby malware can spread across multiple social media sites from one account.

“While adverts on Facebook or Instagram may look like they’re promoting Ray-Ban sunglasses or Nike shoes, they’re often more sinister and deliver malware once clicked,” says McGuire.

“Cybercriminals have been quick to see how the social nature of such platforms can be used to spread malware. They embed malware into posts or friends’ updates and use photo tag notifications to persuade users to open infected attachments.”

Social media enabling traditional crime

Social media platforms are also hosting a thriving criminal ecosystem for more traditional criminal activity.

They serve as a recruitment centre for money mules used for laundering, with posts or adverts offering opportunities to earn large amounts of money in a short time.

“As we saw in the previous report, platform criminality extends beyond cybercrime, with traditional crime also being enabled by platforms,” says McGuire.

“These platforms have brought money laundering to the kind of individuals not typically associated with this crime – young millennials and generation Z.

“Data from UK banks suggests there might be as many as 8,500 money mule accounts in the UK owned by individuals under the age of 21, and most of this recruitment is conducted via social media.”

The illegal sale of prescription drugs is netting criminals $1.9billion per year.

The report also found a large amount of drugs like cannabis, GHB and even fentanyl being sold on Twitter, Facebook, Instagram and Snapchat.

Social media is enabling a wide variety of financial and online romance fraud. “Around 0.2% of social media posts examined for this report involved financial fraud, helping to generate $290million in revenue per year,” says McGuire.

“Criminals have been quick to understand how to exploit social media to facilitate more traditional crime, whether it’s a vehicle to sell something or research potential victims – for instance, online dating scams generate $138million per year and often rely on using social media pages to trick people.”
