On February 19, it was revealed that Apple suffered a security breach of its systems, which allowed hackers to install malicious software on employee Macs. The previous Friday, Facebook admitted a similar breach had occurred on their systems.
Few details are known about the hacks. However, it has been revealed that it was a 'zero-day exploit' that took advantage of a vulnerability within Java.
In essence, 'zero-day exploit' is a term used for a security breach that has not been seen before [we think that means 'new']. Even up-to-date anti-virus software will not identify it. There are also no patches available to fix the vulnerability, so these attacks can be devastating. Java is a service that runs in most web browsers to allow certain content to function.
The Facebook security team identified that their systems had been compromised when suspicious activity was found in their logs. The investigation found that Facebook developers had visited a developer's website that had itself been compromised. Access to this website led to malicious software being installed onto Facebook employee laptops. Developers are considered to be sophisticated users, so the threat level from this sort of attack should not be underestimated.
Apple and Facebook, however, are not the only victims of this kind of cyber attack. Many companies fall victim to malicious online predators who, at one level, simply look to create mischief and, at the other, look to achieve some kind of financial gain by obtaining personal details and other confidential information.
Most corporates invest heavily in anti-virus software, but the battle against cyber crime is constant and can affect companies of any size. As high-profile technology companies, Facebook and Apple will no doubt have invested particularly heavily in security software in order to prevent and detect any attempts to compromise their systems. However, this attack shows that, whoever you are, security can never be perfect: breaches are increasingly multi-faceted and systems have many areas in which they can be vulnerable.
There are, however, many things that can be done to help increase the chances of preventing and detecting attacks.
• All employees should be given security awareness training. This will help to reinforce the issues and threats that employees need to be aware of when using the web.
• Administrator privileges should be restricted to authorised personnel to reduce the risk that malicious software can be installed onto a machine. This will help prevent unauthorised software gaining access to your system, whether intentionally or inadvertently.
• Anti-virus software should be regularly updated and full anti-virus scans should be run as often as is practicable. This will help identify and remove any malicious software that has managed to infect your systems.
• Finally, all logs should be reviewed regularly to identify any unexpected or suspicious activity. Indeed this is how Facebook identified the hack.
Whilst some of the measures above will not prevent a 'zero-day exploit' or indeed the next clever piece of malware, the reality is that the majority of compromised systems are not the result of zero-day exploits but of one of a number of known dangers and threats. Keeping all software fully patched and anti-virus programmes up-to-date contributes to building a security profile that will help keep your systems as safe as possible from external threats.
Of course, this is not a comprehensive list of security measures; guidelines and frameworks like ISO 27001 and PCI DSS are an invaluable source of good practice guidance that companies should comply with and, in the case of PCI DSS if you process credit cards, must comply with.
Finally, if you haven’t patched Java this month, whether using a PC or a Mac, it would be a very good idea to do so as soon as possible, so you are at least protected from the attack that breached Apple and Facebook.
George Quigley is a partner at accountancy firm BDO LLP.