Abstract:
Online social networks (OSNs) provide a new dimension to people's lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have ...Show MoreMetadata
Abstract:
Online social networks (OSNs) provide a new dimension to people's lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale. We describe a category of malware (or attacks) known as socioware that exploits OSN environments for performing unauthorized and nefarious activities. Socioware can be an executable, an extension, an exploit code, etc., that conducts malicious operations in OSNs with serious impact on users. Furthermore, we discuss the socioware taxonomy highlighting the characteristics of socioware to illustrate the design and exploitation tactics of OSN malware. In contrast, insider threats (employees or contractors) are posing a grave threat to organizations, with a motivation to steal critical data and monetize it for financial gains. Insider threats have become a serious concern for many organizations today. We present a complete attack model to demonstrate how an insider threat exploits the online trust and confidentiality by transforming an OSN into a socioware distribution platform that infects other employees' systems. Finally, we discuss security defenses that can be adopted to defend against socioware.
Published in: IEEE Systems Journal ( Volume: 11, Issue: 2, June 2017)