The same social media platforms that you use to keep up with friends and family – Facebook, Twitter, Instagram and YouTube – have given rise to a vast global cyber criminal network, according to a new report by cybersecurity firm Bromium. The report on social media cyber crime, carried out as part of a six-month academic study by a criminology expert at the University of Surrey in the UK, detailed all of the various tactics – ranging from cryptojacking to botnets for hire – used by cyber criminals around the world to earn nearly $3.25 billion annually by exploiting popular social platforms.
Details of the report on social media cyber crime
According to the Bromium report (“Social Media Platforms and the Cybercrime Economy”), nearly 1 in 5 organizations worldwide are now infected by malware distributed by social media. Moreover, the problem of social media cyber crime is growing at an astonishing rate. In the U.S., for example, social media cyber crime increased nearly 300-fold in the period from 2015 to 2017.
Everywhere you look on social media, in fact, you’ll find traces of social media cyber crime. In some cases, it’s hiding in plain sight – as in hacking tools and services being advertised to be deployed or downloaded; botnots for hire; and invitations to participate in digital currency scams. And the price of admission is hardly out of reach – in some cases, the UK research team found that you could hire your own personal botnet for as little as $10 per month.
In most cases, however, social media cyber crime is more cleverly disguised. For example, tiny adverts for big-name consumer brands on YouTube might actually be malware delivery vehicles for cryptojacking schemes. And invitations to take part in get-rich-quick online scams might actually be a clever form of money laundering. The Bromium report even coined a new term – “millennial money mule” – to describe a young UK resident under the age of 21 who might unwittingly open up bank accounts in order to help launder ill-gotten gains of cyber criminals.
Why social media platforms are so desired by cyber criminals
Given the rapid pace of growth and the near ubiquity of social media cyber crime on the Internet, the inevitable question becomes: Why have cyber criminals chosen to focus on social media platforms like Facebook, Twitter, Instagram, and YouTube? One easy answer is that these sites make it very easy to share and pass on just about anything – and that includes malware. In fact, the security researchers found that social media platforms, on average, have 20 percent more methods to scam and rip off consumers than other websites. These methods include adverts, sharing buttons and plug-ins. Plus, the fact that most people have hundreds, if not thousands, of connections on these social media platforms make it very convenient to distribute malware to a wide audience with surprisingly few negative consequences.
In fact, the researchers even went so far as to characterize every social media platform as a “Trojan horse” that could be used by hackers and cyber criminals to pull off increasingly sophisticated and brazen criminality. In the past two years, for example, “cryptojacking” (i.e. the taking over of another computer’s computing resources to mine cryptocurrency) has emerged as one way to monetize malware. Once the malware has been inserted into someone else’s browser, it can go to work mining cryptocurrency for cyber criminals located thousands of miles away. As a result, 4 of the top 5 sites hosting cryptojacking code are social media platforms. And, of the top 20 sites hosting cryptojacking code, 11 are social media platforms. The researchers specifically called out Facebook Messenger for its role in propagating the Digmine cryptomining strain.
Data breaches and the illegal trade in personal information
One popular form of social media cyber crime involves the illicit trading of personal data from hacked social media accounts. In the past five years, says the Bromium report, nearly 1.3 billion social media users worldwide have had their social media accounts hacked. As a result, anywhere from 45 to 50 percent of all illicit trading of personal information – including stolen credit card information as well as username and password combos – could be traced back to social media platforms. Now that people share every detail of their personal lives online, it makes it easier than ever before for hackers to carry out these cyber crimes. According to the report, the underground economy for stolen personal data is now worth as much as $630 million each year to cyber criminals.
Moreover, social media accounts are sometimes hacked with the sole intention of using it as a way to generate fake accounts to ensnare even more web users. The Bromium report mentioned that hackers liked to masquerade as famous web or Internet personalities (e.g. Elon Musk). Once they’ve set up a fake account, they can then ask users to send them money, perhaps with the goal of winning a prize or getting free cryptocurrency deposited into their account.
Other social media cyber crimes
Of course, the range of possible cyber crime is really up to the imagination of the hacker or criminal. The illegal sale of prescription drugs, for example, was tagged by the report as a potential $1.9 billion opportunity for cyber hackers. Moreover, now that cannabis has been legalized in some nations of the world (including Canada and a growing number of U.S. states), it’s likely that new scams will involve cannabis and other forms of recreational marijuana.
And don’t forget about “traditional crime.” The two most common forms made possible by social media include money laundering and the use of “money mules” that can help cyber criminals transform their ill-gotten gains into cash. These “money mules” are usually young millennials who have no idea that they are being used as pawns in global money laundering efforts.
But what are the big social media companies doing about the problem of social media cyber crime?
Social media sites need to be doing more to protect their users. They can no longer turn a blind eye to activities that are occurring right in front of them on their sites, in full view of everyone. If hackers feel comfortable advertising their services on social networks, and if social media channels are doing nothing to stop dangerous adverts filled with malware, then is it any wonder that hackers are ramping up their efforts? Clearly, social media platforms need to be doing more so that cybercrime doesn’t have an opportunity to flourish.