This month, security researchers have discovered cybercriminals are conducting social media ransomware attacks using Facebook Messenger and LinkedIn. Social media posts have long been used by cybercriminals to direct people to malicious websites containing exploit kits that download malware; however, the latest social media ransomware attacks are different.
According to researchers at CheckPoint Security, the social media ransomware attacks take advantage of vulnerabilities in Facebook Messenger. Images are being sent through Facebook Messenger with double extensions. They appear as a jpeg or SVG file, yet they have the ability to download malicious files including ransomware. The files are understood to use a double extension. They appear to be images but are actually hta or js files.
CheckPoint says “The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file.” The report goes on to say “This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.” No technical details have been released as CheckPoint claim the vulnerability has yet to be fixed by Facebook.
Earlier this week, security researcher Bart Blaze claimed to have also identified a Facebook Messenger campaign that was allegedly being used to spread Locky ransomware. Blaze said an SVG image was being sent via Facebook Messenger that contained malicious JavaScript code that installed a malware downloader called Nemucod. Nemucod subsequently downloaded Locky. This is also the first time that the actors behind the infamous Locky ransomware are believed to have used Facebook Messenger to spread infections.
Facebook responded to Blaze’s claim saying the problem was not related to Messenger, but involved bad Chrome extensions. Facebook said the problem had been reported to the appropriate parties.
Ransomware Attacks on the Rise
According to the Kaspersky Security Network, ransomware attacks on SMBs have increased eightfold in the past 12 months. The problem is also getting worse. More than 200 ransomware families have now been discovered by security researchers, and new forms of the malicious file-encrypting software are being released on a daily basis.
Any business that is not prepared for a ransomware attack, and has not implemented security software to protect computers and networks, is at risk of being attacked. A recent survey conducted by Vanson Bourne on behalf of SentinelOne showed that 48% of organizations had been attacked with ransomware in the past 12 months. Those companies had been attacked an average of 6 times.
How to Prevent Social Media Ransomware Attacks
Social media ransomware attacks are a concern for businesses that do not block access to social media platforms in the workplace. It is possible to prevent employees from accessing social media websites using WebTitan, although many businesses prefer to allow employees some time to access the sites. Instead of blocking access to Facebook, businesses can manage risk by blocking Facebook Messenger. With WebTitan, it is possible to block Facebook Messenger without blocking the Facebook website.
If WebTitan is installed, webpages that are known to contain malware or ransomware downloaders will be blocked. When individuals link to these malicious websites in social media posts, employees will be prevented from visiting those sites. If a link is clicked, the filtering controls will prevent the webpage from being accessed.
To find out more about how WebTitan can protect your organization from web-borne threats such as ransomware and to register for a free trial of WebTitan, contact the Sales Team today.
Many employers are not entirely happy with employees using social media sites in the workplace, and with good reason: There are many risks of social media in business and the costs can be considerable.
Social Media Use Can be a Huge Drain on Productivity
When employees are spending time updating their Facebook accounts or checking Twitter they are not working. All those minutes spent on social media platforms really do add up. Social media site use can be a major drain on productivity.
If every employee in an organisation spends an hour a day on social media sites, the losses are considerable. Unfortunately, many employees spend much more than an hour a day on the sites.
Salary.com reports that around 4% of employees waste more than half of each day on non-work related tasks. For a company employing 1,000 members of staff, that equates to more than 160 hours lost each day, not including the hour or two spent on social media sites by the remaining 96% of the workforce.
Social media site use is not all bad, in fact, the use of the sites can be good for productivity. Employees cannot be expected to work solidly for 8 or more hours each day; at least not 8 highly productive hours. If employees enjoy some ‘Facetime’ every hour or two, it can help them to recharge so they are more productive when they return to their work duties.
The problem for employers is how to control the use of Facebook in the workplace and ensure that social media site use is kept within acceptable limits. Taking 5 minutes off every hour or two is one thing. Taking longer can have a seriously negative impact. Unfortunately, relying on employees to self-moderate their use of social media sites may not be the best way to ensure that Internet use is not abused.
The Cost of Social Media Use Can Be Severe
Productivity losses can have a serious negative impact on profits, but there are far biggest costs to employers from social media site use. In fact, the risks of social media in business are considerable.
The cost from lost productivity can be bad, but nowhere near as bad as the cost of a malware or ransomware infection. Social media sites are commonly used by hackers to infect computers. Just visiting a malicious Facebook or Twitter link can result in a malware or ransomware infection. The cost of resolving those infections can be astronomical. The more time employees spend on non-work related Internet activities, the greater the risk of a malware infection.
Is there a genuine risk? According to PC Magazine, the risks are very real. There is a 40% chance of infection with malicious code within 10 minutes of going online and a 94% chance of encountering malicious code within an hour.
Controlling employees’ use of the Internet can not only result in huge increases in productivity, Internet control can help to reduce the risk of malware and ransomware infections. Further, by limiting the sites that can be accessed by employees, organizations can greatly reduce legal liability.
Fortunately, there is a simple, cost-effective, and reliable solution that allows organisations to effectively manage the risks of social media in business: WebTitan.
Managing the Risks of Social Media in Business
WebTitan is an innovative web filtering solution that allows organizations to accurately enforce Internet usage policies. Employers can block inappropriate content to effectively reduce legal liability, block or limit the use of social media sites to improve productivity, and prevent users from encountering malicious code that could give cybercriminals a foothold in the network.
If you have yet to implement a web filtering solution to control Internet use in the workplace or you are unhappy with the cost or performance of your current web filtering product, contact TitanHQ today and find out more about the difference WebTitan can make to your bottom line.
To find out more about the risks of social media in business and why it is now so important to manage social media use in the workplace, click the image below to view our informative infographic.
One of the questions most frequently asked of the WebTitan customer support team is how to block Facebook chat at work without blocking access to Facebook entirely.
Why Block Facebook Chat at Work?
There are many reasons why an organization would want to prevent employees from accessing Facebook. Social media websites can be a drain on productivity. Some employees may spend hours of each day accessing and updating their Facebook account, which is time spent not working.
However, an employee cannot remain productive for a full eight hours each day. By allowing access to Facebook – and other social media sites – employers can actually increase productivity, providing social media site use is kept within acceptable limits.
If employees take short breaks throughout the day and access Facebook for a few minutes every hour, they are likely to be more productive. Morale can also be improved with a little social media site use.
However, there is the question of security to consider and Facebook chat is a particular cause for concern. Many organisations believe Facebook Chat is a security risk. Use of Facebook chat can increase the risk of malware infections. The chat function also lacks the security standards demanded by many organizations and makes it too easy for employees to share sensitive corporate data. Use of Facebook chat is also difficult to police.
How to Block Facebook Chat Without Blocking Facebook Access
With WebTitan Cloud it is easy to block Facebook chat at work without blocking Facebook access entirely. The process takes just a few seconds and is detailed in the video presentation below (and described underneath.)
To block Facebook chat at work, open your WebTitan Cloud administration panel and navigate to “Filtering URL keywords.”
To block Facebook chat you need to add in two blacklisted keywords. Enter in the first keyword:
ajax/updatestatus.php
Then set filter options to ‘find keyword in entire URL’
The second keyword that must be blocked is:
ajax/mercury/send_messages.php
As before, set filter options to ‘find keyword in entire URL’
These two files are used by Facebook chat and if the files are blocked, the Facebook chat will not function, although the Facebook website will still be accessible.
In order for URL keywords to work correctly it is necessary to have the SSL certificate pushed out to the browsers. Further information on how to do this via GPO or manually can be found in the help section on the WebTitan website.