In a blog post a few months ago, we observed how hackers use social networking sites to build target lists for phishing scams. We even saw an unfortunate example of such a scam targeting the White House.
In October 2012, research by Deloitte found that 82% of CISOs see phishing and pharming as their greatest cyber security threat.
Modern phishing and pharming techniques are malware infection vectors just as effective, and just as dangerous, as more traditional threats such as SQL injection.
Pharming attacks can hit an organization by impersonating, or compromising, a software vendor, an open source project or a user forum, so that the offending web site hosts malicious code or redirects visitors to it.
For example, a pharming infection might:
- Either compromise an existing site (a common practice) or build a new one offering an open-source “plugin-for-something-great”, with the download link quietly redirecting to malicious software.
- Users who need that piece of software download the payload, or the attacker uses a 0-day to infect them directly from the browser.
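One defensive check that follows from the flow above is to look at where a software download actually came from rather than where the link appeared to point, and to verify the bytes against the checksum the vendor publishes. The following Python is an added example (not code from the original post or from any vendor): it walks a redirect chain as a web proxy would have logged it, flags any hop that leaves an allowlist of expected hosts, and checks the downloaded file's SHA-256. The hop records, host names and allowlist are constructed sample values.

```python
import hashlib
from urllib.parse import urlparse

# Constructed sample data: the redirect hops a web proxy logged for one
# "plugin" download. Each hop is (URL requested, HTTP status, Location header or None).
SUSPICIOUS_HOPS = [
    ("https://forum.example-vendor.org/plugin-for-something-great", 302,
     "https://forum.example-vendor.org/go?id=42"),
    ("https://forum.example-vendor.org/go?id=42", 302,
     "https://cdn-mirror.example-bad.net/plugin.exe"),
    ("https://cdn-mirror.example-bad.net/plugin.exe", 200, None),
]

CLEAN_HOPS = [
    ("https://forum.example-vendor.org/plugin-for-something-great", 301,
     "https://downloads.example-vendor.org/plugin.zip"),
    ("https://downloads.example-vendor.org/plugin.zip", 200, None),
]

# Assumed allowlist: hosts the organisation expects this vendor's software to come from.
TRUSTED_HOSTS = {"forum.example-vendor.org", "downloads.example-vendor.org"}

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def host_chain(hops):
    """Hosts visited in order, one per hop, as recorded in the proxy log."""
    chain = []
    for url, status, location in hops:
        chain.append(urlparse(url).hostname)
        if status in REDIRECT_STATUSES and location is None:
            raise ValueError(f"redirect without Location header: {url}")
    return chain


def final_host(hops):
    """Host that actually served the payload: the last hop, not the one the user clicked."""
    return host_chain(hops)[-1]


def offsite_hops(hops, trusted_hosts):
    """Hosts in the chain outside the allowlist; empty means every hop stayed on trusted infrastructure."""
    return [h for h in host_chain(hops) if h not in trusted_hosts]


def verify_sha256(payload: bytes, published_hex: str) -> bool:
    """Compare the downloaded bytes against the checksum the vendor published."""
    return hashlib.sha256(payload).hexdigest() == published_hex.lower()


def triage_download(hops, payload, published_sha256, trusted_hosts=TRUSTED_HOSTS):
    """Allow the download only if no hop left the allowlist and the checksum matches."""
    offsite = offsite_hops(hops, trusted_hosts)
    hash_ok = verify_sha256(payload, published_sha256)
    return {"offsite_hosts": offsite, "hash_ok": hash_ok, "allow": not offsite and hash_ok}


if __name__ == "__main__":
    sample_payload = b"abc"  # constructed stand-in for the downloaded file
    published = hashlib.sha256(sample_payload).hexdigest()
    print("clean chain:", triage_download(CLEAN_HOPS, sample_payload, published))
    print("suspicious chain:", triage_download(SUSPICIOUS_HOPS, sample_payload, published))
```

The point of checking every hop rather than only the final host is that a compromised vendor forum can look perfectly legitimate on the first request; the handoff to an unrelated host in the middle of the chain is what gives the pharming away. The checksum is the second, independent control: even a download that stayed on the vendor's own hosts can be tampered with if the site itself was compromised.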
The Facebook Incident
Today, Facebook disclosed that several of its developers were hacked. According to the disclosure, the infection vector was a drive-by malware exploit hidden on a mobile site the developers were using; the attack used a 0-day Java vulnerability to infect their computers.
Although Facebook states that no data was lost in this incident, it is almost impossible to know whether that is really the case.
What does this incident teach us?
In Facebook’s case, the company claims no data loss, which is difficult to guarantee unless data access is regulated with proper controls. Controlling data access in your organization ensures that incidents such as this one do not turn into data loss: even when a malware 0-day cannot be prevented, the resulting data loss and the deep hit to the business can be.
Facebook is considered a young company employing brilliant minds who are very good at what they do, and as a technology-driven company most of its employees would be considered technology-aware. And yet a drive-by malware attack caused a breach.