The social media platform and social networking service Facebook has been affected multiple times over its history by intentionally harmful software. Known as malware, these pose particular challenges both to users of the platform as well as to the personnel of the tech-company itself. Fighting the entities that create these is a topic of ongoing malware analysis.
Attacks known as phishing, in which an attacker pretends to be some trustworthy entity in order to solicit private information, have increased exponentially in the 2010s and posed frustrating challenges. For Facebook in particular, tricks involving URLs are common; attackers will maliciously use a similar website such as http://faceb0ok.com/ instead of the correct http://facebook.com/, for example. The 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), held in July 2014, issued a report condemning this as one of the "common tricks" that mobile computing users are especially vulnerable to. [1]
In terms of applications, Facebook has also been visually copied by phishing attackers, who aim to confuse individuals into thinking that something else is the legitimate Facebook log-in screen. [1]
In 2013, a variant of the "Dorkbot" malware caused alarm after spreading through Facebook's internal chat service. [2] With suspected efforts by cybercriminals to harvest users' passwords affecting individuals from nations such as Germany, India, Portugal, and the United Kingdom. The antivirus organization Bitdefender discovered several thousand malicious links taking place in a twenty-four hour period, and contacted the Facebook administration about the problem. While the infection was contained, its unusual nature sparked interest given that the attackers exploited a flaw in the file-sharing site MediaFire to proliferate phony applications among victims' Facebook friends. [3]
The real computer worm "Koobface", which surfaced in 2008 via messages sent through both Facebook and MySpace, later became subject to inflated, grandiose claims about its effects and spread to the point of being an internet hoax. Later commentary claimed a link between the malware and messages about the Barack Obama administration that never actually existed. David Mikkelson of Snopes.com discussed the matter in a fact-checking article. [4]
On 26 July 2022, researchers at WithSecure discovered a cybercriminal operation that was targeting digital marketing and human resources professionals in an effort to hijack Facebook Business accounts using data-stealing malware.They dubbed the campaign as 'Ducktail' and found evidence to suggest that a Vietnamese threat actor has been developing and distributing the malware with motives appeared to be purely financially driven. [5]
In the same vein as actions by Google and Microsoft, the company's administration has been willing to hire "grey hat" hackers, who have acted legally ambiguously in the past, to assist them in various functions. Programmer and social activist George Hotz (also known by the nickname "GeoHot") is an example. [6] [7]
On July 29, 2011, Facebook announced an effort called the "Bug Bounty Program" in which certain security researchers will be paid a minimum of $500 for reporting security holes on Facebook's website itself. The company's official page for security researchers stated, "If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you." [8] The effort attracted notice from publications such as PC Magazine , which noted that individuals must not just be the first to report the security glitch but must also find the problem native to Facebook (rather than an entity merely associated with it such as FarmVille). [6]
In late 2017, Facebook systematically disabled accounts operated by North Koreans in response to that government's use of state-sponsored malware attacks. Microsoft did similar actions. The North Korean government had attracted widespread condemnation in the U.S. and elsewhere for its alleged proliferation of the "WannaCry" malware. Said computer worm affected over 230,000 computers in over 150 countries throughout 2017. [9]
Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.
This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.
Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.
Pharming is a cyberattack intended to redirect a website's traffic to another, fake site by installing a malicious program on the victim's computer in order to gain access to it. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.
Crimeware is a class of malware designed specifically to automate cybercrime.
A zero-day is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.
A web threat is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets.
Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.
Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.
Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of endpoint devices such as laptops, tablets, mobile phones, Internet-of-things devices, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow a definite level of compliance to standards.
Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook. It originated in 2015 and infected systems were variously used to send spam, participate in DDoS attacks, or harvest users' credentials.
Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.
Code Shikara is a computer worm, related to the Dorkbot family, that attacks through social engineering.
Trojan.Win32.DNSChanger is a backdoor trojan that redirects users to various malicious websites through the means of altering the DNS settings of a victim's computer. The malware strain was first discovered by Microsoft Malware Protection Center on December 7, 2006 and later detected by McAfee Labs on April 19, 2009.
The Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) event is an annual conference designed to serve as a general forum for discussing malware and the vulnerability of computing systems to attacks, advancing computer security through the exchange of ideas. It is one of the projects of the German Informatics Society (GI).
Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.
Ryuk is a type of ransomware known for targeting large, public-entity Microsoft Windows cybersystems. It typically encrypts data on an infected system, rendering the data inaccessible until a ransom is paid in untraceable bitcoin. Ryuk is believed to be used by two or more criminal groups, most likely Russian, who target organizations rather than individual consumers.