Cybercriminals earn over $3 billion a year from social platforms
Social media-enabled cybercrimes are generating at least $3.25 billion in global revenue annually, according to a new report.
The study, released by virtualization-based security company Bromium and researched and written by Dr Mike McGuire, senior lecturer in criminology at the University of Surrey, looks at the range of techniques used by cybercriminals to exploit trust and enable rapid infection across social media.
It also details the range of services being offered in plain sight on social networks, including hacking tools and services, botnets for hire, facilitated digital currency scams and more traditional criminal activities.
Among the findings are that reports of cybercrime involving social media have grown more than 300-fold between 2015 and 2017 in the US, and social media-enabled crime quadrupled between 2013 and 2018 in the UK. One in five organizations have been infected with malware distributed via social media according to the report.
Over 1.3 billion social media users have had their data compromised within the last five years and between 45 and 50 percent of the illicit trading of data from 2017 to 2018 could be associated with breaches of social media platforms. Worryingly, four of the top five global websites hosting cryptomining code are social media platforms.
"Social media platforms have become near ubiquitous, and most corporate employees access social media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals," says Gregory Webb, CEO of Bromium. "Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise's high value assets. Understanding this is the first step to protecting against it, but businesses must resist knee-jerk reactions to ban social media use -- which often has a legitimate business function -- altogether."
Since 2017 there has been a 400 to 600 percent increase in the amount of cryptomining malware being detected globally, the vast majority of which has been found on social media platforms. Of the top 20 global websites that host cryptomining software, 11 are social media platforms like Twitter and Facebook. Apps, adverts and links have been the primary delivery mechanism for cryptomining software on social platforms, with the majority of malware detected by this research mining Monero (80 percent) and Bitcoin (10 percent), earning $250m per year for cybercriminals.
"Facebook Messenger has been instrumental in spreading cryptomining strains like Digmine," says Dr McGuire. "Another example we found was on YouTube, where users who clicked on adverts were unwittingly enabling cryptomining malware to execute on their devices, consuming more than 80 percent of their CPU to mine Monero. For businesses, this type of malware can be very costly, with the increased performance demands draining IT resources, network infections and accelerating the deterioration of critical assets."
Social media platforms are being used to facilitate traditional crimes too. They are a recruiting ground for 'mules' to carry out money laundering, and the sale of prescription drugs via social media is thought to be netting criminals as much as $1.9 billion a year. Dr McGuire concludes, "Criminals have been quick to understand how to exploit social media to facilitate more traditional crime, whether it's a vehicle to sell something or research potential victims -- for instance, online dating scams generate $138M per year and often rely on using social media pages to trick people."
You can read more in the full report available from the Bromium website.