As part of its quarterly threat reporting, Meta (previously known as Facebook) disclosed findings on May 3, 2023 about malware strains that target online business accounts. The findings are being made public to inform users and help them take the precautions needed to protect themselves against these threats. By showing the multi-faceted approach it takes to this problem, Facebook aims to give users an inside view of its efforts and demonstrate its commitment to protecting businesses against malware.
According to the report, the groups responsible for developing and spreading the malware are financially motivated. They are also becoming more sophisticated in their tactics by spreading their operations across the internet, which makes it harder for any one company, including Facebook, to disrupt their activities. By diversifying their operations, these groups are trying to ensure that they can keep operating even if one part of their operation is disrupted or shut down.
Meta’s security researchers have detected and disrupted nearly ten new malware strains this year, including those posing as ChatGPT browser extensions and productivity tools, the latest iterations of malware known in the security community as Ducktail, and previously unreported malware families including one called NodeStealer.
Meta also found that these different kinds of malware are specifically designed to reach people through many channels, such as spam email, malicious browser extensions, ads, and phone apps, as well as social media platforms. Once a device is infected, the malware is capable of compromising the victim’s business account and using it to run unauthorized ads across the internet. The attackers aim to make money by abusing the compromised business account.
Meta’s team has uncovered various malware operations at different stages of development and has found that these groups adapt quickly when detected. To counter these threats, Meta has taken measures, blocking over 1,000 malicious links from being shared on its platforms and sharing information with industry peers. The company has also reported malicious browser extensions and mobile apps to other companies in the industry to help prevent the spread of these threats.
How Threat Actors Target Businesses
To target businesses with malware, threat actors use a range of tactics, such as crafting and concealing malicious software to evade detection. They often hide malware within seemingly harmless files, apps, or browser extensions that can be downloaded from official app stores. By exploiting interest in trending topics such as ChatGPT, Google Bard, and OpenAI, threat actors mislead people into clicking on or downloading the malware. Preventing these operations requires a collaborative effort across the industry.
These groups often target personal accounts connected to business pages and advertising accounts, using sophisticated forms of account compromise such as bypassing two-factor authentication and identifying connections between the compromised account and business accounts. More details can be found in Meta’s technical threat research.
Facebook’s Measures to Protect Businesses from Malware and Phishing Attacks
Facebook wants to protect businesses from malware and phishing attacks. It is focused not only on preventing these intrusions but also on helping businesses regain access to their accounts if they are compromised. To do so, Facebook has implemented several measures, such as:
1- New Malware Removal Support
Meta’s newly introduced malware removal support tool is designed to guide businesses through the process of identifying and removing malware from their devices, including the use of third-party antivirus tools. Since security breaches frequently occur outside Meta’s apps and technologies, these independent tools are a crucial part of the recovery process and help protect business accounts against further harm.
2- Verifying Connected Business Manager Accounts
To further protect against compromise, Facebook is verifying connected Business Manager accounts and giving businesses more visibility and control over administrator changes. This allows businesses to set restrictions so that only admins from trusted domains are allowed, and to audit people’s access more effectively through a new active or inactive status filter.
3- Increasing Protections for Sensitive Account Actions
Facebook has also introduced stricter authorization requirements for sensitive account actions, such as accessing a credit line or changing business administrators. This helps ensure that only authorized personnel make these changes, reducing the risk of account compromise.
4- Introducing Meta Work Accounts
Finally, Facebook has introduced Meta Work accounts, which will allow business users to log in and use Business Manager without needing a personal account. This is a significant step in defending against personal account compromises that could lead to business account compromises.
Facebook also urges anyone who believes they have downloaded malicious software to delete it from their device, scan the device with up-to-date antivirus software, and follow the instructions to secure their personal and business accounts. The instructions include installing and using antivirus software, enabling two-factor authentication, resetting passwords, turning on log-in alerts and reviewing previous sessions, enabling business notifications, and lastly using the Security Checkup Tool.