Antisocial media sites like Facebook, LinkedIn, Twitter, and YouTube aren't merely inciting hatred, enabling discrimination, driving content moderators to the brink, and showing kids how to commit suicide. They're also making cybercrime more practical and profitable, at the expense of law-abiding internet users.

In a cybersecurity survey, titled Social Media Platforms and the Cybercrime Economy, scheduled for release on Tuesday and sponsored by security biz Bromium, Mike McGuire, senior lecturer in criminology at the University of Surrey in England, finds that crimes enabled by social media create at least $3.25bn in global cybercrime revenue annually.

Such cybercrime affects business as well as individuals: one in five organizations has been infected with malware distributed through social media, according to the study, and one in eight has had data exposed by social media malware. Among individuals, over 1.3bn social media users have had data exposed in the past five years, it is claimed.

Social media platforms aspire to distribute viral content and they do manage to be contagious. About half the illicit data trading that occurred from 2017 through 2018 could be traced to compromised social media platforms. And four of the top five global websites carrying cryptomining code were social media platforms, or so we're told.

Image problem

One reason for this is that social media platforms have as much as 20 per cent more methods by which malware can be delivered – they have more images, videos, advertisements, and plugins – than media websites.

The problem is magnified by the tendency of social media users to trust content from people they recognize, which makes distributing malicious content easier.

The report says, "The very nature of interaction across social networks promotes rapid and seamless spread of infection – a problem made vastly more complicated by the tendency for social media to allow user profiles to be shared across multiple platforms."

About 30 to 40 per cent of social media malware comes from ads, the report says, and another 30 per cent of social media infections come from social media plugins. At some sites, the percentage is higher – over 60 per cent of infections on Facebook come from third-party apps downloaded from the site.

Gregory Webb, CEO of Bromium, in a statement, said hackers use social media as a Trojan horse to attack enterprises.

Businesses, the report argues, need to better understand how social media gets used by employees and must craft defenses that go beyond bans that won't be effective anyway.

McGuire's research combines original data drawn from the 10 largest social media sites with secondary data drawn from various sources over the past few years. His report concludes that social media companies need to do more to keep cybercriminals from exploiting their platforms and from profiting from cybercrime. They also need to do more to ferret out fake accounts, he argues.

The social media giants have been urged to take more responsibility for years. Rather than shouldering the expense of preemptive editorial oversight, they prefer after-the-fact content reviews that leave moderators traumatized or radicalized. ®