Social media giant, Facebook, falls victim to a complex, unpatched malware infiltration.
Last month, Facebook's IT systems were compromised in a sophisticated, targeted attack. The breach, which occurred despite the company's reputation for employing tech-savvy individuals, was revealed through a suspicious domain in Facebook's corporate Internet history.
According to reports, the attack was carried out using a zero-day exploit of the programming platform Java. This means that the vulnerability was unknown to the developers of the platform, making it difficult to prevent. The compromised website installed malware onto the employees' laptops, causing the breach.
The attack was not limited to Facebook's systems, suggesting a broader targeted campaign. In recent weeks, the organisation "Save the Elephants" was also affected by a similar complex and targeted cyber attack on their Facebook page. However, no other organisations with similarly complex and targeted attacks like Facebook were explicitly mentioned.
Facebook remediated all infected machines as soon as the malware was discovered. No evidence of user data compromise was found in the attack, and no customer data was stolen. The company informed law enforcement about the attack and is continuing to investigate the incident.
Barry Steiman, senior security strategist at Imperva, stated that data loss is difficult to guarantee without proper controls. He emphasised the need for better data access controls to ensure security, a sentiment that appears to resonate with Facebook as they work to prevent such incidents in the future.
Facebook is considered a young company with brilliant minds and technology-aware employees. Despite this, the attack serves as a reminder that no organisation is immune to cyber threats, and vigilance and continuous improvement in security measures are essential.
