Shulou(Shulou.com)11/24 Report--

On Wednesday, local time, social media giant Meta warned that malware attackers are increasingly inclined to spread their software to multiple platforms or make it more difficult for individual technology companies to detect their malicious activity.

However, the company said it saw the shift in strategy as a sign that the industry's crackdown on malware attacks was working, promising to provide more resources and protection to business users. the goal is to further raise the bar for attackers to launch attacks.

On Facebook, Meta now adds new controls to business accounts to manage, audit, and restrict who can become account administrators, who can add other administrators, and who can perform sensitive operations, such as access to credit lines. The goal is to make it harder for attackers to use some of their most common tactics. For example, a malicious actor might take over a personal account employed by or otherwise connected to the target company, and then add the infected account as an administrator on the business page.

In addition, Meta will launch a step-by-step guide tool to help businesses mark and remove malware from their corporate devices, and recommend the use of third-party malware scanners. The company said it had found a pattern in which the user's Facebook account was breached, the owner regained control, and then the account was breached again because the target device was still infected with malware or had been re-infected.

"this is an ecosystem-level challenge and the opponents are very adaptable," said Nathaniel Gleicher, head of security policy at Meta. "what we are seeing is that the opponents are really working hard, but the defenders are also in good order. We are not only attacking individual malicious actors, but we are also using many different strategies to counter them and make their attacks more difficult to succeed."

There are many advantages for an attacker to distribute malware across multiple platforms. They can post ads on social networks such as Facebook. These ads do not directly contain malicious content, but will be linked to fake creator pages or other profiles. On these sites, attackers can publish a special password and link it to file sharing services such as Dropbox or Mega. They can then upload the malicious file to the hosting platform and encrypt it with the password mentioned earlier to make it harder for the company to scan and mark. In this way, victims are guided through a range of seemingly legitimate services and end up in a trap. No website can fully understand all the steps of the attack.

In recent months, there has been a growing interest in generative artificial intelligence chat robots such as ChatGPT and Bard. Meta says attackers have included the topic in their malicious ads, claiming to provide access to these and other generative artificial intelligence tools.

Meta said that since March 2023, the company has blocked more than 1000 malicious links used to generate artificial intelligence theme bait, banned them from sharing on Facebook or other Meta platforms, and shared URL with other technology companies. In addition, Meta reported multiple browser extensions and mobile applications related to these malicious activities.

Meta said that more and more attackers are using known malware Ducktail technology to try to reach more victims and take over Facebook's business accounts to spread more malicious ads. Meta blamed the Ducktail attack on the attackers in Vietnam, sent a suspension letter to specific individuals and reported the activity to law enforcement.

In late January, Meta also discovered a new type of malware, NodeStealer, which is mainly aimed at Windows browsers, which can record the victim's user name and password, steal Cookie, and use this data to hack into Facebook, Gmail and Outlook accounts. Meta also blamed the Vietnamese attacker for the attack and quickly submitted deletion requests to host providers, domain name registrars and other partners. The company said the measures appeared to be effective and that it had not detected any new NodeStealer samples since February 27.

Nathaniel Gletcher, head of security policy at Meta, said: "attackers expect us to work in isolation between companies and cannot follow in their footsteps and move from one platform to another." To make it harder for attackers to launch attacks, Meta not only adds new features to users, expands automatic detection and acts directly against attackers, but also makes public disclosure and information sharing with other companies and law enforcement agencies, he added.

"the more platforms you need to coordinate, the more complex the defense will be." "but the more fragmented their opponents are, the more they need to get all these different platforms to work together, and the number of victims will become smaller and smaller," Gretcher said. the more we force them to attack separately, the higher the cost to their opponents. "

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.