Protecting Against New Security Weaknesses in Facebook
By Todd Weller, VP, Corporate Development, Hexis Cyber Solutions
Much has been written about how the human element can be the weakest link in the security
chain. Lack of awareness or a single lapse in judgement and the attacker is in. New Facebook
vulnerabilities are just the latest example of how attackers are targeting employees to infiltrate
corporate networks.
Security researchers at WebSegura found two
different security issues in Facebook's API that
could allow a hacker to plant malware on
unsuspecting users' machines when they log into
their Facebook account. For businesses with
employees who check their profiles during the
workday, this looks like yet another attack vector
for hackers to exploit.
The two threats identified could have disastrous
implications for businesses. One vulnerability
allows hackers to plant malware on the user's
machine by sending a link that appears to be from
a trusted domain. In this case, the user receives
an offer for a download that looks like it's from a trusted Facebook domain. If the user agrees to
the download, a malicious user could gain control over the victim's computer and use it to
launch attacks on the network. The second attack method targets Facebook users who haven’t
updated to the most recent version of Internet Explorer and exploits a vulnerability that allows
them to download a link that contains a malicious file.
While these new weaknesses have only recently been discovered, the principles behind them
are the same: Hackers are finding ways to breach a business's perimeter defenses undetected
by exploiting credentialed users' lack of awareness or training. Whether it's a classic phishing
email or malware sent through a hacked Facebook API, cybercriminals are becoming
increasingly adept at breaking in without a trace.
Given Facebook's prominence for both sanctioned and unsanctioned use within a business
network, this new attack vector is troubling. With insider access, hackers can install malware on
a business's devices that could give them access to critical company, customer or employee
data. The costs of these attacks can be sky high, due to complications such as legal
repercussions and a damaged reputation.
Malware attacks through security loopholes are common, and organizations need to adapt
accordingly. Here are just a few steps organizations can take to reduce risk:
Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide