Arpad Nagy-Bagoly - stock.adobe.

Cyber criminals earn $3bn a year exploiting social platforms

Businesses urged to respond to research findings that the ready availability of hacking tools, wildfire spread of malware and proliferation of cryptocurrency mining has seen a 300-fold increase in social media-enabled cyber crimes in two years

Social media-enabled cyber crimes are generating at least $3.25bn a year in global revenue and one in five organisations has been infected with malware distributed via social media, according to a study commissioned by virtualisation-based security firm Bromium.

Reports of cyber crime involving social media grew by more than 30,000% between 2015 and 2017 in the US, and social media-enabled crime quadrupled between 2013 and 2018 in the UK, said the research report on the role of social media platforms in the cyber crime economy.

The six-month academic study by Mike McGuire, senior lecturer in criminology at Surrey University, follows his Into the web of profit study published in April 2018 which revealed that top-level cyber criminals are out-earning government leaders and university graduates.

More than 1.3 billion social media users have had their data compromised in the past five years and 45-50% of the illicit trading of data from 2017 to 2018 could be associated with breaches of social media platforms, according to the Social media platforms and the cybercrime economy report.

Four of the top five global websites hosting cryptocurrency mining code are social media platforms, McGuire found, and the number of enterprises infected by cryptocurrency mining malware doubled between 2017 and 2018.

Of the top 20 global websites that host cryptocurrency mining software, 11 are social media platforms such as Twitter and Facebook. Apps, adverts and links are the primary delivery mechanism for cryptocurrency mining software on social platforms, with the majority of malware detected by this research mining monero (80%) and bitcoin (10%), earning $250m a year for cyber criminals.

“Facebook Messenger has been instrumental in spreading cryptocurrency mining strains like Digmine,” said McGuire. “Another example we found was on YouTube, where users who clicked on adverts were unwittingly enabling cryptocurrency mining malware to execute on their devices, consuming more than 80% of their processing power to mine monero.

“For businesses, this type of malware can be very costly, with the increased performance demands draining IT resources, network infections and accelerating the deterioration of critical assets.”

Social platforms have become increasingly important to the business of digital currency scams involving fraudulent cryptocurrency investments, the research shows. “One trend on social media has been the hijacking of trustworthy verified accounts,” said McGuire. “In one case, hackers took over the Twitter account for UK retailer Matalan and changed it to resemble Elon Musk’s profile. Tweets were then sent out asking for a small bitcoin donation with the promise of a reward. Safe to say, nobody who donated got anything in return.”

Social media platforms also contain up to 20% more methods for malware to be delivered to users through adverts, shares and plug-ins, than comparable sources, such as e-commerce, digital media or corporate websites. This further underlines the need for businesses to evaluate the risk that employee use of social media is posing to the organisation and how this risk is being mitigated.

Other key findings of the study include that social media has fuelled a 36% increase in the recruitment of “millennial money mules” since 2016 and has increased fraud revenues by 60% since 2017; that crimeware tools and services are widely available on 40% of social media sites; that social media platforms enable an underground economy for the trading of stolen data, such as credit card details, earning cyber criminals $630m a year; and that social media platforms have become a major source of malware distribution.

Read more about cyber crime

“Social platforms and dark web equivalents are becoming blurred, with tools, data and services being offered openly or acting as a marketing entry-point for more extensive shopping facilities on the dark web,” said McGuire. “One account on Facebook offers the opportunity to trade or learn about exploits and advertises on Twitter to attract buyers.

“We also found evidence of botnet hire on YouTube, Facebook, Instagram and Twitter, with prices ranging from $10 a month for a full-service package with tutorials and tech support, to $25 for a no-frills lifetime subscription – cheaper than Amazon Prime.”

McGuire said this raises a very real concern for the enterprise that the ready availability of cyber crime tools and services makes it much easier for hackers to launch cyber attacks.

Gregory Webb, CEO of Bromium, said social media platforms have become near-ubiquitous and most corporate employees access social media sites at work, which exposes significant risk of attack to businesses and local governments, as well as individuals.  

“Hackers are using social media as a trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high-value assets,” he said. “Understanding this is the first step to protecting against it.”

However, Webb said businesses must resist knee-jerk reactions to ban social media use, which often has a legitimate business function.

“Instead, organisations can reduce the impact of social media-enabled attacks by adopting layered defences that utilise application isolation and containment,” he said.

“This way, social media pages with embedded, but often undetected, malicious exploits are isolated within micro separate virtual machines, rendering malware infections harmless. Users can click links and access untrusted social-media sites without risk of infection.”

The findings and analysis in the study report are based on an analysis of data drawn from leading social media platforms, interviews with social media users, secondary data sources from academics, business and law enforcement, and observation of posts, comments and uploads.

Read more on Hackers and cybercrime prevention