[ad_1]
DuckTel malware attempts to hack into the accounts of individuals using Facebook’s business and advertising platforms, Secure Intelligence said.
Social media is one of the areas cybercriminals like to use to target their victims. And as one of the most popular social networks, Facebook is often the subject of malware campaigns. A new attack analyzed by cyber security vendor WithSecure Intelligence aims to steal the sensitive information of Facebook business users and take over their accounts.
How does Ducktail attack businesses?
Using Facebook’s MetaBusiness Suite, organizations can assign specific employees to interact with customers, discuss their products and services, and create ads that run on Facebook. In a phishing campaign called Ducktail, cybercriminals look for companies that use Facebook’s business/advertising platform and then target people within the company with access to business accounts. Among the employees targeted in this campaign are those in administration, digital marketing, digital media and human resources, WithSecure said.
See: Mobile device security policy (TechRepublic Premium)
As a next step, the attackers deploy malware to victims, sometimes accessing it through LinkedIn and often hosting cloud-based services like Dropbox and iCloud. The malware itself is an archive file containing documents, images and videos. With names like “Project Development Plan” and “Project Information,” the files are designed to encourage people to open them and launch malware.
Once installed, the malware scans one of the following browsers: Google Chrome, Microsoft Edge, Excel, and Firefox. For each browser, Ducktel retrieves all stored cookies, including any for a Facebook session. Using that cookie, the malware communicates with various Facebook endpoints to obtain information from the user’s Facebook account.
For personal Facebook accounts, the malware aims to capture the user’s name, email address, date of birth, and user ID. For business accounts, it requires name, verification status, ad account limit, owner, role, and customer name. And it looks for the name, ID, account status, payment cycle, currency, and amount spent for the corresponding Facebook ad accounts.
Finally, cybercriminals assign admin and finance editor roles to the victim’s Facebook business account. By achieving that goal, you’ll be able to take full control of your account and access and update credit card information, transactions, invoices, and payment methods.
See: Password Cracking: Why Pop Culture and Passwords Don’t Mix (Free PDF) (Republic of Tech)
“As businesses become more aware of traditional ransomware attacks, cybercriminals are looking for new ways to turn a successful cyberattack into illicit financial gain,” said Chris Clements, vice president of solution architecture at cybersecurity firm Cerberus Sentinel. We’ve seen similar attacks on social media accounts like the Twitter hack in July 2020…but the direct approach of targeting Facebook business accounts is a new and interesting angle. Compared to previous social media hacks that would quickly reveal themselves by posting links to scams or malware, this campaign is more subtle to improve ad spend or promote ad fraud.
Protecting businesses from this new malware
To protect organizations from such social media-based threats, WithSecure offers the following recommendations:
- Turn to endpoint detection and response toolsEDR tools can analyze each level of an attack, generating information on an incident to help identify and mitigate the issue.
- Wait for the end pointsA good endpoint protection and security tool can detect malware on internal and external networks and devices. Make sure real-time protection is enabled, but run full manual checks on endpoints.
- Review Facebook business usersLog in to your Facebook Business Manager page to review all added users. Select Business Manager, go to Settings, and then select People. You can revoke access for any unknown users who have been granted administrator access.
Roger Grimes, data-driven defense evangelist at cybersecurity firm Nowbe4, says, “Almost every organization can improve their cybersecurity defense plan if they focus more on mitigating the possibility of social engineering. “Each organization should look at what they can improve in their defense-in-depth plan (eg, policies, technical defenses, and education) to defeat social engineering. That’s because no organization can properly focus the necessary resources and training on social engineering, hackers and malware. [are able] To be successful in the long run.”
[ad_2]
Source link