SecurityWeek

Cybercrime

Research Examines Twitter Abuse by Attackers

Twitter is a popular way for millions of people to connect online. It is also a popular way for attackers to spread malicious content.

In a new paper, researchers at Trend Micro revealed the results of analyzing more than half a billion tweets. The company found that millions of the messages linked to material ranging from phishing pages to malware.

“We ended up gathering more than 570 million Tweets in total,” blogged Jon Oliver, senior architect at Trend Micro. “Of these, we identified that more than 33 million – 5.8% of the total – had links to malicious content of some kind or another. Malicious content does not necessarily mean only malware: it can also mean links to spammed advertisements and phishing pages, among other threats. The data collection period was during a period when there was a significant spam outbreak.”

Trend Micro identified several types of abuse on Twitter, including spam, phishing, links to malware and accounts being stolen and suspended.

“There are two distinct flavors of spam – traditional spam that uses hash tags, is very obvious, repetitive, and quickly gets shut down,” blogged Oliver. “The second type is what we call ‘searchable spam’. Searchable spammed tweets are completely different.”

Those tweets, he explained, are more like classified ads – they typically promote pirated or fake products such as software or free movies. Unlike other tweets, they do not make heavy use of hashtags.

“There is a strong Eastern European connection with these tweets as well: many are written in Russian, or hosted on servers in Russia or Ukraine,” he noted. “This threat is much more low-profile than other attacks, and it shows: the probability of Twitter suspending accounts involved in this activity is lower than accounts involved in other malicious activities. All this is designed to avoid users reporting these tweets (and accounts).”

“In addition, half of the traffic to the sites advertised in these tweets [doesn’t] actually come from Russia,” he added. “The users finding these tweets really are interested in what they “need”, even if they need automated translation tools to understand them.”

“Twitter accounts themselves are valuable targets for cybercriminals,” he added. “As a result, various scams that try to get the user credentials of users are common as well. For example, compromised accounts will mention their friends in tweets (or send direct messages), that ask the user to click on a (shortened) URL. This link will eventually lead users to phishing pages that ask for the user’s Twitter account credentials.”

The full paper can be read here.
