Facebook Hacked in Sophisticated Attack, Java Zero-Day Used to Push Malware

Fortunately, there’s no evidence that user data has been compromised

February 16th, 2013 07:31 GMT

Facebook is the latest company to announce that it has been the victim of a sophisticated cyberattack. Fortunately, user data has not been compromised in the incident.

According to Facebook Security, the attack occurred last month, when some of the company’s employees visited a compromised mobile developer website.

The site in question hosted a Java exploit which pushed malware onto the employees’ devices.

Notably, the laptops in question were fully patched and running up-to-date antivirus software, yet the malware still managed to bypass all the security mechanisms.

The Java zero-day exploited in the attack was reported by Facebook to Oracle as soon as it was discovered. Oracle patched the issue on February 1, when it released the first version of this month’s Critical Patch Update (CPU).

The breach was detected by the team that’s in charge of tracking threats and monitoring the company’s infrastructure for attacks.

“In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops,” Facebook representatives explained in a blog post.
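The sequence described in that statement (a DNS log hit, attribution to a laptop, then a company-wide file search) can be sketched as below. This is an added example, not Facebook's tooling: the log format, DHCP lease table, hostnames, domain and file hash are all constructed placeholders.

```python
from datetime import datetime

# Constructed sample data (not from the incident): DNS log, DHCP leases, file inventory.
DNS_LOG = """\
2013-01-15T10:02:11Z 10.0.4.23 A cdn.flagged-domain.example
2013-01-15T10:05:40Z 10.0.4.31 A www.notflagged-domain.example
2013-01-15T16:20:02Z 10.0.4.23 A flagged-domain.example
2013-01-15T16:21:00Z 10.0.9.8 AAAA Flagged-Domain.example.
"""
LEASES = [  # (ip, hostname, lease_start, lease_end)
    ("10.0.4.23", "laptop-a", "2013-01-15T08:00:00Z", "2013-01-15T12:00:00Z"),
    ("10.0.4.23", "laptop-b", "2013-01-15T12:00:00Z", "2013-01-15T20:00:00Z"),
    ("10.0.9.8", "laptop-c", "2013-01-15T09:00:00Z", "2013-01-15T21:00:00Z"),
]
BAD_HASH = "ab" * 32  # placeholder for the hash of the file found in forensics
INVENTORY = {  # host -> file hashes reported by a hypothetical endpoint agent
    "laptop-a": {BAD_HASH, "11" * 32},
    "laptop-b": {"22" * 32}, "laptop-c": {"33" * 32},
    "laptop-d": {BAD_HASH},  # never hit the DNS rule; found only by the sweep
}

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def matches(qname, flagged):
    # Match the flagged domain or a subdomain on a label boundary only.
    q, f = qname.lower().rstrip("."), flagged.lower().rstrip(".")
    return q == f or q.endswith("." + f)

def host_at(ip, when):
    # An IP is only meaningful with the DHCP lease that was active at query time.
    for lease_ip, host, start, end in LEASES:
        if lease_ip == ip and ts(start) <= when < ts(end):
            return host
    return None

def hosts_querying(flagged):
    hits = set()
    for line in DNS_LOG.splitlines():
        when, ip, _qtype, qname = line.split()
        if matches(qname, flagged):
            hits.add(host_at(ip, ts(when)) or f"unattributed:{ip}")
    return hits

def sweep(file_hash):
    return {h for h, hashes in INVENTORY.items() if file_hash in hashes}

if __name__ == "__main__":
    print(sorted(hosts_querying("flagged-domain.example")), sorted(sweep(BAD_HASH)))
```

The two result sets differ on purpose: the same IP maps to different laptops depending on the lease window, and a host can hold the file without ever appearing in the DNS hits.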

The company warns that it wasn’t alone in this attack and that others were infiltrated as well. However, they didn’t specifically name any companies.

“It certainly comes as no surprise that Facebook was infected with malware, after all, it is the richest repository of consumer data and information on the planet — an information thief’s Holy Grail,” Rob Kraus, Solutionary Security Engineering Research Team (SERT) director of research, told Softpedia.

“It is also no surprise to learn on the Facebook blog that anti-virus technologies did not prevent it from happening, as we revealed in our recent Q4 threat report that malware can slip past leading AV solutions 67 percent of the time,” he added.

Kraus believes Facebook should follow the example of The New York Times and reveal the names of the antivirus solutions used on the infected laptops, as this would tip off providers that they need to take action. In addition, it would let everyone with a stake in malware defense take appropriate measures.

“Keeping AV solutions updated is certainly a best practice, but research demonstrates this isn’t enough. To protect against the latest strains of malware, organizations, especially those that are highly targeted, need to stop relying on solutions that can provide a single point of failure,” the expert explained.

“To fully combat threats, organizations have to start knowing what the bad guys know – that is the only way to have a fighting chance.”
