February 16, 2013

In a blog post a few months ago, we observed how hackers use social networking sites to develop target lists for phishing scams. We even had an unfortunate example of how such a scam targeted the White House.

Recently, in October 2012, research by Deloitte identified that 82% of CISOs see phishing and pharming as their greatest cyber security threat.

Modern Phishing

It is important to note that modern phishing and pharming techniques are malware infection vectors just as effective, and just as scary, as more traditional threats such as SQL injection.

Pharming attacks can hit an organization by impersonating or compromising a software vendor, an open source organization or a user forum, so that the offending Web site either hosts hidden malicious code or redirects visitors to it.

For example, a pharming infection might:

  1. Either hack an existing site (a common practice) or build a site offering an open-source “plugin-for-something-great”, and make sure that the link redirects to malicious software.
  2. Users who need this piece of software download the payload, or the hacker uses a 0-day to infect them directly from the browser.
  3. Infect.

The Facebook Incident

Today, Facebook disclosed that several of its developers were hacked. The infection vector, as stated, was a drive-by malware exploit hidden on a mobile site the developers were using. The attack used a 0-day Java vulnerability to infect their computers.

Although Facebook denies any data loss from this incident, it is almost impossible to know whether that is really the case.

What does this incident teach us?

Facebook claims no data loss, which is difficult to guarantee unless data access is regulated with proper controls. Controlling data access in your organization ensures that incidents such as this do not result in data loss: even when 0-day malware cannot be prevented, you can prevent data loss and a deep hit to the business.

Facebook is considered a young company employing brilliant minds who are very good at what they do, and as a technology-driven company most of its employees would be considered technology aware. And yet, a malware drive-by has caused a breach.

