Report: Cybercriminals earn over $3.25 billion annually from social media-enabled cybercrime; enterprises infected with cryptomining malware doubled
Since its inception, the internet has brought a lot of benefits to pretty much everyone from developed nations to third world countries in Africa, Asia and South America. The internet now makes it easy for anyone to find information at their fingertips and also enable for family and friends to communicate via different smart devices and social media platforms. The Internet has also fueled business growth and level the playing field by making it easier for smaller companies to conduct business online. We now live in “XaaS” world where everything is offered as Anything as a Service or XaaS.
However, the internet is not without its downsides. It comes with challenges and pitfalls. The internet has now become the attack surface for cybercriminals to conduct their malicious activities. Welcome to Cybercrime-as-a-Service (CaaS). Last year, Bromium, a cybersecurity company and the pioneer and leader in application isolation and containment that stops advanced malware attacks, reported that up to $200 billion in illegal cybercrime profits is laundered each year. Cybercriminals have turned to virtual currencies, video game currency and digital payment systems like PayPal to convert illegal revenue into clean cash.
Now the company has released a new report for 2018 titled: “Social Media Platforms and the Cybercrime Economy.” The report details the range of techniques utilized by cybercriminals to exploit trust and enable rapid infection across social media. It also details the range of services being offered in plain sight on social networks, including: hacking tools and services, botnets for hire, facilitated digital currency scams and more.
The findings come from ‘Social Media Platforms and the Cybercrime Economy’, an extensive six-month academic study sponsored by Bromium and undertaken by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey. The study is the next chapter of ‘Into the Web of Profit’ and examines the role of social media platforms in the cybercrime economy.
Key insights include:
- Social media-enabled cybercrimes are generating at least $3.25B in global revenue annually
- One in five organizations have been infected with malware distributed via social media
- Reports of cybercrime involving social media grew by more than 300-fold between 2015 and 2017 in the US, and social media-enabled crime quadrupled between 2013 and 2018 in the UK
- Over 1.3 billion social media users have had their data compromised within the last five years and between 45-50 percent of the illicit trading of data from 2017 to 2018 could be associated with breaches of social media platforms
- Four of the top five global websites hosting cryptomining code are social media platforms
- The number of enterprises infected by cryptomining malware doubled from 2017 to 2018
- Social media platforms contain up to 20 percent more methods by which malware can be delivered to users – e.g. through adverts, shares, plug-ins – than comparable sources, such as ecommerce, digital media or corporate websites
- Social media has fueled a 36 percent increase in the recruitment of ‘millennial money mules’ since 2016 and has increased fraud revenues by 60 percent since 2017
“Social media platforms have become near ubiquitous, and most corporate employees access social media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals,” commented Gregory Webb, CEO of Bromium. “Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high value assets. Understanding this is the first step to protecting against it, but businesses must resist knee jerk reactions to ban social media use – which often has a legitimate business function – altogether.
“Instead, organizations can reduce the impact of social media-enabled attacks by adopting layered defenses that utilize application isolation and containment,” concludes Webb. “This way, social media pages with embedded but often undetected malicious exploits are isolated within separate micro-virtual machines, rendering malware infections harmless. Users can click links and access untrusted social-media sites without risk of infection.”
Cryptomining and digital currency scams
Since 2017 there has been a 400 to 600 percent increase in the amount of cryptomining malware being detected globally, the vast majority of which has been found on social media platforms. Of the top 20 global websites that host cryptomining software, 11 are social media platforms like Twitter and Facebook. Apps, adverts and links have been the primary delivery mechanism for cryptomining software on social platforms, with the majority of malware detected by this research mining Monero (80 percent) and Bitcoin (10 percent), earning $250m per year for cybercriminals.
“Facebook Messenger has been instrumental in spreading cryptomining strains like Digmine,” said Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey. “Another example we found was on YouTube, where users who clicked on adverts were unwittingly enabling cryptomining malware to execute on their devices, consuming more than 80 percent of their CPU to mine Monero. For businesses, this type of malware can be very costly, with the increased performance demands draining IT resources, network infections and accelerating the deterioration of critical assets.”
In addition, social platforms have become increasingly important to the business of digital currency scams involving fraudulent crypto-currency investments. “One trend on social media has been the hijacking of trustworthy verified accounts,” continued Dr. McGuire. “In one case, hackers took over the Twitter account for UK retailer Matalan and changed it to resemble Elon Musk’s profile. Tweets were then sent out asking for a small bitcoin donation with the promise of a reward. Safe to say, nobody who donated got anything in return.”
Social media in the middle of a chain exploitation and malicious malware attacks
The report found crimeware tools and services widely available on social media platforms. Up to 40 percent of inspected social media sites had a form of hacking service offering hackers for hire, hacking tutorials and tools to help hack websites. Social media platforms also enable an underground economy for the trading of stolen data, such as credit card details, earning cybercriminals $630m per year.
“Social platforms and dark web equivalents are becoming blurred, with tools, data and services being offered openly or acting as a marketing entry-point for more extensive shopping facilities on the dark web,” said Dr. McGuire. “One account on Facebook offers the opportunity to trade or learn about exploits and advertises on Twitter to attract buyers. We also found evidence of botnet hire on YouTube, Facebook, Instagram and Twitter, with prices ranging from $10 a month for a full-service package with tutorials and tech support to $25 for a no-frills lifetime subscription – cheaper than Amazon Prime. For the enterprise, this raises a very real concern that the ready availability of cybercrime tools and services make it much easier for hackers to launch cyberattacks.”
Social media platforms have become a major source of malware distribution. The research found that up to 40 percent of malware infections on social media come from malvertising, and at least 30 percent come from plug-ins and apps, many of which lure users in by offering additional functionality or deals. Once the user clicks, the malware executes – allowing hackers to steal data, install keyloggers, deliver ransomware, persist and hide for future attacks and so on. The spread of malware is facilitated by large user bases and the fact that many social media sites share user profiles across platforms, enabling “chain exploitation”, whereby malware can spread across multiple social media sites from one account.
“While adverts on Facebook or Instagram may look like they’re promoting Ray-Ban sunglasses or Nike shoes, they’re often more sinister and deliver malware once clicked,” explained Dr. McGuire. “Cybercriminals have been quick to see how the social nature of such platforms can be used to spread malware. They imbed malware into posts or friends’ updates and use photo tag notifications to persuade users to open infected attachments.”
Social media enabling traditional crime
Social media platforms are also hosting a thriving criminal ecosystem for more traditional crime. They serve as a recruitment center for money mules used for laundering, with posts or adverts offering opportunities to earn large amounts of money in a short time. “As we saw in the previous report, platform criminality extends beyond cybercrime, with traditional crime also being enabled by platforms,” said Dr. McGuire. “These platforms have brought money laundering to the kind of individuals not typically associated with this crime – young millennials and generation Z. Data from UK banks suggests there might be as many as 8,500 money mule accounts in the UK owned by individuals under the age of 21, and most of this recruitment is conducted via social media.”
The illegal sale of prescription drugs is netting criminals $1.9B per year. The report also found a large amount of drugs like cannabis, GHB and even fentanyl being sold on Twitter, Facebook, Instagram and Snapchat. Social media is enabling a wide variety of financial and online romance fraud. “Around 0.2 percent of social media posts examined for this report involved financial fraud, helping to generate $290m in revenue per year,” concluded Dr. McGuire. “Criminals have been quick to understand how to exploit social media to facilitate more traditional crime, whether it’s a vehicle to sell something or research potential victims – for instance, online dating scams generate $138m per year and often rely on using social media pages to trick people.”
About the study
Into the Web of Profit is an academic study that was launched by Bromium in April of 2018. The report, which was researched and written by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey provided an explanation of the emergence of a new form of platform criminality, mirroring the platform capitalism currently used by companies like Uber and Amazon, where data is the commodity. Social Media Platforms and the Cybercrime Economy is the next instalment in the Web of Profit body of research. The findings and analysis contained in this report are the culmination of a six-month analysis of data drawn from leading social media platforms, interviews with social media users, secondary data sources from academics, business, law enforcement, and observation of posts, comments and uploads.
About Bromium, Inc.
Bromium protects your brand, data and people using virtualization-based security via application isolation. We convert an enterprise’s largest liability – endpoints – into its best defense. By combining our patented hardware-enforced containerization to deliver application isolation and control, with a distributed Sensor Network to protect across all major threat vectors and attack types, we stop malware in its tracks. Unlike traditional security technologies, Bromium automatically isolates threats and adapts to new attacks using behavioral analysis and instantly shares threat intelligence to eliminate the impact of malware. Bromium offers defense-grade security and counts a rapidly growing set of Fortune 500 companies and government agencies as customers.
You can download the Social Media Platforms and the Cybercrime Economy report here.