Millions of people around the world now use the microblogging site Twitter, often at work. As with any online trend, malicious groups are attempting to exploit its popularity, and security firm Symantec is warning that this could put businesses at risk, as employees who tweet from work may unintentionally expose IT systems to infection by spammers and cybercriminals.
The best way to solve the problem is not to block Twitter but to instruct employees on how it can be used safely, according to Symantec.
The most common way to exploit Twitter users and get them to visit malicious sites is to piggyback on a trending topic, cut out the relevant shortened link and replace it with a similarly shortened link that instead sends those who click it to a site which could damage systems, breach security and steal data.
Symantec’s Candid Wueest said that many Twitter users were unable to differentiate between safe links and those which could be potentially harmful. Wueest pointed out that even when ostensibly reputable websites were the subject of a link, it was possible for the criminals to have hijacked the address and therefore spread viruses and malware in relative secret.
Wueest said that one option to combat the threat from Twitter is to keep up-to-date security software on all work computers, although this is not the only remedy for the problem.
The operators of Twitter itself are also working to limit the impact of malicious links, if not eradicate them completely, by giving users the chance to expand shortened links before they visit them in order to check up on their veracity. Doubling up URL shorteners, so that one shortened link points to another, might potentially bypass this technique, but Twitter is hoping to overcome any of these basic circumventions that criminals will attempt.
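The doubled-up shortener case described above is why a link-expansion check has to follow the whole redirect chain rather than a single hop. The sketch below is an added example, not Twitter's or Symantec's code; the hostnames, the redirect table and the `expand` function are constructed for illustration and it runs offline.

```python
from urllib.parse import urljoin, urlsplit

# Constructed data: hostnames this example treats as URL shorteners.
SHORTENERS = {"sho.example", "tiny.example"}

# Constructed redirect table standing in for HTTP responses: url -> (status, Location).
SAMPLE_RESPONSES = {
    "http://sho.example/a1": (301, "http://tiny.example/zz9"),  # shortener -> shortener
    "http://tiny.example/zz9": (302, "http://news.example/go"),
    "http://news.example/go": (302, "/story/42"),               # relative Location
    "http://news.example/story/42": (200, None),
    "http://sho.example/loop": (301, "http://tiny.example/loop"),
    "http://tiny.example/loop": (301, "http://sho.example/loop"),
}
REDIRECTS = (301, 302, 303, 307, 308)


def sample_fetch(url):
    """Offline stand-in for a HEAD request that does not follow redirects."""
    return SAMPLE_RESPONSES.get(url, (404, None))


def shortener_hops(chain):
    """Count how many URLs in the chain sit on a known shortener host."""
    return sum(urlsplit(u).hostname in SHORTENERS for u in chain)


def expand(url, fetch=sample_fetch, max_hops=5):
    """Follow redirects one hop at a time; return (verdict, chain, shortener_hops)."""
    chain, seen = [url], {url}
    while True:
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            return "resolved", chain, shortener_hops(chain)
        nxt = urljoin(chain[-1], location)  # resolve relative redirects
        if nxt in seen:                     # redirect loop: never resolves
            return "loop", chain, shortener_hops(chain)
        if len(chain) - 1 >= max_hops:      # refuse to chase unbounded chains
            return "too-many-hops", chain, shortener_hops(chain)
        chain.append(nxt)
        seen.add(nxt)


if __name__ == "__main__":
    verdict, chain, hops = expand("http://sho.example/a1")
    print(verdict, "via", hops, "shortener hops:")
    print("  one-hop preview would show:", chain[1])
    print("  real destination:          ", chain[-1])
```

A preview that stops after the first hop would display `tiny.example/zz9`, which tells the user nothing; the full chain exposes the final host, and a count of more than one shortener hop is itself a signal worth flagging.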
URL shortening has become prevalent in spam of all kinds, with around 18 per cent of malicious emails sent this year containing a shortened link, which is twice as many as in the previous year according to Symantec.