Skip to main content

Scientists combat cyber-attacks on Twitter

30 September 2015

tab on computer showing Twitter URL

University researchers develop intelligent system to identify malicious links spread through social media

Cyber-criminals are taking advantage of real-world events with high volumes of traffic on Twitter, such as the Superbowl and Cricket World Cup, in order to post links to websites which contain malware.

To combat the threat posed in this ‘perfect environment’, researchers from the University have created an intelligent system to identify malicious links disguised in shortened URLs on Twitter. They will test the system in the European Football Championships next summer. The research is co-funded by the Engineering and Physical Sciences Research Council (EPSRC) and the Economic and Social Research Council (ESRC).

In a recent study the research team, from the Social Data Science Lab, identified potential cyber-attacks within five seconds with up to 83% accuracy and within 30 seconds with up to 98% accuracy, when a user clicked on a URL posted on Twitter and malware began to infect the device.

The scientists collected tweets containing URLs during the 2015 Superbowl and Cricket World Cup finals, and monitored interactions between a website and a user’s device to recognise the features of a malicious attack. Where changes were made to a user’s machine such as new processes created, registry files modified or files tampered with, these showed a malicious attack.

The team subsequently used system activity to train a machine classifier to recognise predictive signals that can distinguish between malicious and benign URLs.

Dr Pete Burnap, Director of the Social Data Science Lab at Cardiff University, and lead scientist on the research, said: “Unfortunately the high volume of traffic around large scale events creates a perfect environment for cyber-criminals to launch surreptitious attacks. It is well known that people use online social networks such as Twitter to find information about an event.

“Attackers can hide links to malicious servers in a post masquerading as an attractive or informative piece of information about the event.

 “URLs are always shortened on Twitter due to character limitations in posts, so it’s incredibly difficult to know which are legitimate. Once infected the malware can turn your computer into a zombie computer and become part of a global network of machines used to hide information or route further attacks.

 “In a 2013 report from Microsoft these ‘drive-by downloads’ were identified as one of the most active and commercial risks to Cyber security.

“At the moment many existing anti-virus solutions identify malware using known code signatures, which make it difficult to detect previous unseen attacks.”

Professor Philip Nelson, Chief Executive, EPSRC said:  “Using social media is an integral part of modern life, vital to organisations, businesses and individuals. The UK needs to operate in a resilient and secure environment and this research will help combat these criminal Cyber-attacks.”