Malware attackers are increasingly likely to spread their software across multiple platforms or make it harder for individual tech companies to detect their malicious activity, social media giant Meta has warned.
Still, the company said it believed the shift in strategy just showed that industry efforts to combat malware attacks were working, and it promised that it was providing more resources and protection to business users, with the goal of further raising the threshold for attackers to launch attacks.
On Facebook, Meta has now added new controls for business accounts to manage, audit, and limit who can become an account administrator, who can add other administrators, and who can perform sensitive operations such as accessing credit lines. The goal is to make it harder for attackers to use some of their most common tactics. For example, a malicious actor might take over the individual account of someone employed by or otherwise connected to a target company, and then the compromised account could be added as an administrator on a business page.
In addition, Meta will introduce step-by-step guide tools to help businesses flag and remove malware on their enterprise devices, and suggest the use of third-party malware scanners. The company said it had found a pattern in which a user’s Facebook account was compromised, the owner regained control and then the account was compromised again because the target’s device was still infected with malware or had been reinfected.
“This is an ecosystem-level challenge against a very adaptable adversary,” said Nathaniel Gleicher, director of security policy at Meta. “What we saw was that the opposition really worked hard, but the defense was just as organized. We’re not just going after individual malicious actors, but we’re using many different strategies to counter them and make it harder for them to attack.”
Distributing malware across multiple platforms has many benefits for attackers. They can post ads on social networks like Facebook. These ads do not directly contain malicious content, but link to fake creator pages or other profiles. On these pages, attackers can post a special password along with a link to a file-sharing service such as Dropbox or Mega. They can then upload the malicious file to the hosting platform and encrypt it using the aforementioned password to make it harder for companies to scan and flag. In this way, victims can be directed through a range of seemingly legitimate services and end up falling into a trap. And no single website can see all the steps of an attack.
Public interest in generative AI chatbots such as ChatGPT and Bard has been growing in recent months. Meta says the attackers have included the topic in their malicious ads, claiming to provide access to these and other generative AI tools.
Since March 2023, Meta has blocked more than 1,000 malicious links that used generative AI as bait, banned them from being shared on Facebook or other Meta platforms, and shared the URLs with other tech companies, the company said. In addition, Meta reported multiple browser extensions and mobile applications associated with these malicious activities.
An increasing number of attackers are using known malware called Ducktail to try to reach more victims and take over Facebook business accounts to spread more malicious ads, Meta said. Meta attributed the Ducktail attack to attackers in Vietnam, sent cease and desist letters to specific individuals and reported the activity to law enforcement.
In late January, Meta also discovered a new malware called NodeStealer, which targets Windows browsers and is able to log a victim’s username and password, steal cookies, and use the data to break into Facebook, Gmail and Outlook accounts. Meta also attributed the attack to Vietnamese attackers and quickly sent removal requests to hosting providers, domain registrars and other partners. The company said the measures appear to have worked, and it has not detected new NodeStealer samples since Feb. 27.
“Attackers expect us to work in isolation from one company to another, unable to follow them as they move from platform to platform,” said Nathaniel Gleicher, director of security policy at Meta. In addition to adding new features for users, expanding automated detection, and taking direct action against attackers, Meta also makes public disclosures and shares information with other companies and law enforcement to make it more difficult for attackers to launch attacks, he added.
“The more platforms you have to coordinate, the more complex the defense becomes. But the more fragmented the adversary is, the more they have to have all these different platforms working together, and the number of victims gets smaller and smaller,” Gleicher said. “The more we force them to spread out their attacks, the higher the cost to the adversary.”