Zero-Day Exploit Bypassed Java Protections to Install Malware
Even the most savvy information technologists aren't immune from cyber-attacks. Just ask Facebook. The social-media titan says it fell victim to a sophisticated attack discovered in January in which an exploit allowed malware to be installed on employees' laptops.
In a blog post published by Facebook Security on Feb. 15, the company said it found no evidence that Facebook user data was compromised.
Here's what happened at Facebook, according to its blog:
Several Facebook employees visited a mobile developer website that was compromised.
The compromised website hosted an exploit that then allowed malware to be installed on these employees' laptops. "The laptops were fully-patched and running up-to-date anti-virus software," the blog says.
"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement and began a significant investigation that continues to this day." Facebook Security flagged a suspicious domain in its corporate DNS (Domain Name System) logs and tracked it back to an employee laptop.
The security team conducted a forensic examination of that laptop and identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.
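The DNS-log pivot described above, as an added example that is not from Facebook's blog or this article: given a flagged domain, it lists which client addresses queried that domain or a subdomain, with first and last sighting. The log format, addresses and domain names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <client IP> <queried name> <type>".
# The format, addresses and domains are assumptions, not data from the incident.
SAMPLE_LOG = """\
2024-01-10T09:14:02 10.0.4.17 www.example.org. A
2024-01-10T09:14:05 10.0.4.17 cdn.suspicious.example. A
2024-01-10T09:20:41 10.0.7.88 notsuspicious.example. A
2024-01-10T10:02:13 10.0.9.3 SUSPICIOUS.example A
2024-01-10T11:45:30 10.0.4.17 suspicious.example. AAAA
malformed line without enough fields
2024-01-11T08:01:00 10.0.7.88 mail.example.org. MX
"""

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def matches(qname, flagged):
    """True for the flagged domain or any subdomain, on label boundaries."""
    q, f = normalise(qname), normalise(flagged)
    return q == f or q.endswith("." + f)

def clients_querying(log_text, flagged):
    """Return {client_ip: {"first", "last", "count"}} for hits on `flagged`."""
    hits = defaultdict(lambda: {"first": None, "last": None, "count": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines whose first field is not a timestamp
        client, qname = parts[1], parts[2]
        if not matches(qname, flagged):
            continue
        rec = hits[client]
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        rec["count"] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, rec in sorted(clients_querying(SAMPLE_LOG, "suspicious.example").items()):
        print(ip, rec["first"].isoformat(), rec["last"].isoformat(), rec["count"])
```

Matching on label boundaries keeps an unrelated name such as `notsuspicious.example` out of the result, so only hosts that actually resolved the flagged domain are queued for forensic examination.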
The social-media company says it is working with law enforcement and the other organizations affected by this attack. "It is in everyone's interests for our industry to work together to prevent attacks such as these in the future," Facebook says.
The Facebook attack is reminiscent of the 2011 breach at security provider RSA, when a well-crafted e-mail tricked an RSA employee into retrieving from a junk-mail folder and opening a message containing a virus that led to a sophisticated attack on the company's information systems.