
SecurityWeek


Research Examines Twitter Abuse by Attackers

Twitter is a popular way for millions of people to connect online. It is also a popular way for attackers to spread malicious content.

In a new paper, researchers at Trend Micro revealed the results of analyzing more than half a billion tweets. The company found that millions of the messages linked to material ranging from phishing pages to malware.

“We ended up gathering more than 570 million Tweets in total,” blogged Jon Oliver, senior architect at Trend Micro. “Of these, we identified that more than 33 million – 5.8% of the total – had links to malicious content of some kind or another. Malicious content does not necessarily mean only malware: it can also mean links to spammed advertisements and phishing pages, among other threats. The data collection period was during a period when there was a significant spam outbreak.”

Trend Micro identified several types of abuse on Twitter, including spam, phishing, links to malware and accounts being stolen and suspended.

“There are two distinct flavors of spam – traditional spam that uses hash tags, is very obvious, repetitive, and quickly gets shut down,” blogged Oliver. “The second type is what we call ‘searchable spam’. Searchable spammed tweets are completely different.”

Those tweets, he explained, are more like classified ads – they typically promote pirated or fake products such as software or free movies. Unlike other tweets, they do not make heavy use of hashtags.

“There is a strong Eastern European connection with these tweets as well: many are written in Russian, or hosted on servers in Russia or Ukraine,” he noted. “This threat is much more low-profile than other attacks, and it shows: the probability of Twitter suspending accounts involved in this activity is lower than accounts involved in other malicious activities. All this is designed to avoid users reporting these tweets (and accounts).”

“In addition, half of the traffic to the sites advertised in these tweets [doesn’t] actually come from Russia,” he added. “The users finding these tweets really are interested in what they ‘need’, even if they need automated translation tools to understand them.”

“Twitter accounts themselves are valuable targets for cybercriminals,” he added. “As a result, various scams that try to get the user credentials of users are common as well. For example, compromised accounts will mention their friends in tweets (or send direct messages), that ask the user to click on a (shortened) URL. This link will eventually lead users to phishing pages that ask for the user’s Twitter account credentials.”

The full paper can be read here.
