Pierluigi Paganini February 16, 2013

In this last months we have registered numerous clamorous attacks against intelligence agencies, government offices, media and social networking platforms. Twitter was last victim in order of time but the thought of security experts was focuses of Facebook, the biggest social networking with more than 1 billion members, a mine of information related to the widest audience of users. Facebook is a single application that manages an impressive number of information of data and so it represents a privileged target for attackers.

Facebook company revealed on Friday that it has been hit in January by an unidentified group of hackers, fortunately no user information was compromised during the attack.

What is really interesting is the level of sophistication of the malware based attack that eluded security defense, it compromised the developer’s website and infected the employees machine when visited it.

The laptops infected were fully-patched and running up-to-date anti-virus software occurrence that suggests attacker have exploited zero day vulnerabilities hosting an exploit on the web site.

The official statements reports:

“Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure. As such, we invest heavily in preventing, detecting, and responding to threats that target our infrastructure, and we never stop working to protect the people who use our service. The vast majority of the time, we are successful in preventing harm before it happens, and our security team works to quickly and effectively investigate and stop abuse.

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.”

Facebook advisory confirmed that security teams of the company are very active in the fight to cyber threats thanks to an intense collaboration with law enforcement and security teams of other companies. The attacks seems to have exploited a zero-day Java software vulnerability well before the official announcement provided by Oracle company.

“After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”

The investigation are still ongoing as confirmed by Facebook

“We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.”

Pierluigi Paganini