Cisco Vulnerability: A Potential Gateway for Hackers
A recently disclosed flaw in Cisco’s Integrated Management Controller (IMC) has raised concerns amongst businesses and individuals. Experts warn that this high-severity vulnerability could allow…
Threat Actors Found to be Targeting Facebook Business Accounts
Description:
Researchers at WithSecure, a cybersecurity company formally known as F-Secure, have published research on an ongoing operation targeting organisations and individuals that manage Facebook Business accounts.
The operation, dubbed DUCKTAIL, has been seen scouting for businesses that use the Facebook Business/Ads platform and then targeting employees of businesses that may have access to their organisation’s account. WithSecure detailed how the threat actor named their malware files using keywords relating to products and brands with the aim of making it look like project development plans and business-related files.
The malware used in these attacks has the capability to scan the browsers on the victim’s device for session cookies from Facebook as well as personal information from the user’s machine, such as 2FA codes, geolocations and IP addresses, and user agents, as well as the name and birthday of the user.
If the victim has been accessing their personal account on the device, the malware will also steal email and user ID information, as well as scanning for any businesses associated with the personal account.
Notably, the malware can gain access to Facebook Business accounts associated with the victim’s personal Facebook account. It does so by attempting to add the threat actor’s email account to the business account, and if successful will attempt to give their account admin access and make themselves the finance editor of the business account.
This infographic explains the DUCKTAIL operation:
The full report from WithSecure can be found here.
Preventions:
Keeping all colleagues within your organisation informed on how to spot and report a phishing attack may help prevent your organisation from being hit with this attack. Additionally, make sure to not keep passwords for social media accounts stored within your browser, as these can often be easily accessed by hackers (as seen in this attack). Instead, consider using a password manager to store password and username information, as these are often much better protected and harder to access by malicious users.
Organisations may wish to consider updating browser settings to have stricter cookie policies and for cookies to be cleared when the browser is closed, stopping session cookies from being held for longer periods than would be required.
Regularly reviewing users added to your Facebook Business account can also let you quickly see if there is a new and suspicious user added. Facebook has a page detailing how to do this here. Keep users to a minimum on your Facebook business account, if your business is targeted, there is less chance of an attack being successful.
Related Links:
https://labs.withsecure.com/publications/ducktail/ – Published July 26th
Related articles
Inside the LabHost Takedown: How Police Busted a Global Phishing Empire
The familiar scenario plays out countless times each day: you receive a panicked text message. Your bank account has been compromised, or a package awaits…
PuTTY SSH Flaw: What You Need to Know
A recently disclosed vulnerability in the popular SSH client PuTTY (versions 0.68 to 0.80) could allow attackers to recover private encryption keys, potentially enabling them…