Facebook heightens its network security as it continues to be targeted by internet attackers. In February 2013, a phishing attack was executed which loaded malicious software onto most laptops of its employees. The social network company employees had their laptops attacked by an attack dubbed as “watering hole”. Facebook admitted the attack but said that no user data was compromised. This social network platform hosts more than a billion users and any breach of security could put confidential user’s information at stake.
Although Facebook said that no data was stolen from the attack, it remains a concern for many Facebook users who may feel that their information may be confiscated and ends up in hands of hackivists. Responding to the February attack, Facebook said that last month (January 2013), the company discovered that its systems had been targeted in a sophisticated malware attack.
The occurrence in February happened when some of its employees visited another mobile developer site which had been compromised. When the employees visited the mobile developer website, their laptops were remotely installed with malware that was founded on a previous unknown exploitation named as “zero day” exploit of Java programming. A zero day attack is an attack that exploits a vulnerability that has previously not been known in an network or computer application.
This means that the attack occurs at day zero of any possible awareness of a network vulnerability. To further elaborate on this term, developers consider an attack as zero day when they have zero days to address the vulnerably and provide a patch. Facebook responded swiftly to the February Java flaw vulnerability and remediated all the machines that had been infected.
The law enforcement was also informed of the attack. Facebook further said that it tracked the infection and discovered that it occurred from one laptop and all its laptops were fully-patched. The "zero day" vulnerability was undetectable and easily bypassed the Java sandbox protection leading to the infection by the malware. Following the attack, Facebook also alerted Oracle about the Java flaw and a patch was provided that addressed the vulnerability.
In yet another blow, in late march 2013, Facebook user accounts were said to have been infected with a virus containing a disturbing video. According to the New Britain police department, it said that police had learned that the virus presented itself as a friend sharing a video. If a user opened the video, the virus could attach to the user’s Facebook account and was easily shared to the friends of the user who shared and opened the message.
It would be difficult to detect that it was a virus because it looked as though the video was being shared by a friend but in the real sense, it was a virus. The police department issued a warning that the video was very disturbing because it featured a child pornography and parents were advised to advise their children who have Facebook accounts to refrain from clicking any shared videos.
In addition, users were advised to delete the shared video immediately if it was possible. This social network company has a zero tolerance for child pornography and it said that it will work hard to get rid of such content from its network site. This video orchestrated virus infiltrated Facebook account by inviting users to “Watch this if you’re curious,” The minute a someone clicked on that video, the malware took control of the Facebook user’s account and then began propagating the same malicious link to friends of the user.
No comments:
Post a Comment