Facebook Builds Its Own Threat Modeling System

Published : 22/11/2024   Category : security




The tool helps the social network gather, store, analyze, and react to the latest threats against it.



Facebook has created its own threat intelligence tool to help keep tabs on malware, phishing, and other threats on the Internet that could endanger the social network. The new ThreatData framework pulls threat feeds from outside sources, stores that information, and allows the social media giant to translate that information into action for real-time defense.
Mark Hammell, a threat researcher at Facebook who blogged about the new homegrown framework yesterday, says ThreatData also has helped the social networking company spot new types of threats. Last summer, for example, the tool provided data on a trend in malware samples using a particular string in an antivirus signature; it turned out to be a spam campaign of fake Facebook accounts that tried to push mobile phone malware.
The malware, specifically the Trojan:J2ME/Boxer family [3], was capable of stealing a victim's address book, sending premium SMS spam, and using the phone's camera to take pictures. "With this discovery, we were able to analyze the malware, disrupt the spam campaign, and work with partners to disrupt the botnet's infrastructure," Hammell said.
ThreatData draws from VirusTotal, vendor-generated threat intel feeds, open-source data on malicious URLs and malware tracking sites, as well as Facebook's own internal threat intelligence findings. It then generates a real-time response to any new threats.
Hammell says that automated function is rooted in a processor Facebook built to analyze the incoming data and to automatically act on the new threats. "All malicious URLs collected from any feed are sent to the same blacklist used to protect people on facebook.com," he said. "Interesting malware file hashes are automatically downloaded from known malware repositories, stored, and sent for automated analysis; and threat data is propagated to our homegrown security event management system, which is used to protect Facebook's corporate networks."
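The routing Hammell describes (URLs to a blocklist, file hashes to automated analysis, everything to the security event system) can be sketched as follows. This is an added example, not Facebook's ThreatData code; every function name, field name, and sample value is an assumption made for illustration.

```python
import re
from urllib.parse import urlsplit

HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> hash type

def normalize(raw):
    """Return (kind, value) for one raw feed entry, or None if unusable."""
    text = raw.strip()
    if re.fullmatch(r"[0-9a-fA-F]+", text) and len(text) in HASH_KINDS:
        return HASH_KINDS[len(text)], text.lower()
    # Feeds often "defang" URLs (hxxp, [.]); undo that before parsing.
    text = re.sub(r"^hxxp", "http", text, flags=re.I).replace("[.]", ".")
    try:
        parts = urlsplit(text)
        if parts.scheme in ("http", "https") and parts.hostname:
            return "url", parts._replace(netloc=parts.netloc.lower()).geturl()
    except ValueError:  # malformed host, e.g. unbalanced brackets
        pass
    return None

def process(feeds):
    """Route indicators from {feed_name: [raw entries]} to three sinks."""
    sources = {}  # (kind, value) -> set of feeds that reported it
    out = {"blocklist": [], "analysis_queue": [], "siem_events": [],
           "rejected": [], "sources": sources}
    for feed, entries in feeds.items():
        for raw in entries:
            indicator = normalize(raw)
            if indicator is None:
                out["rejected"].append((feed, raw))
                continue
            is_new = indicator not in sources
            sources.setdefault(indicator, set()).add(feed)
            if not is_new:
                continue  # already routed; only the extra source is recorded
            kind, value = indicator
            if kind == "url":
                out["blocklist"].append(value)
            else:
                out["analysis_queue"].append((kind, value))
            out["siem_events"].append({"kind": kind, "value": value})
    return out

# Constructed sample feeds (reserved .test domain, made-up hash), not real data.
SAMPLE_FEEDS = {
    "vendor_feed": ["hxxp://Phish.Example[.]test/Login", "AB" * 32],
    "open_source": ["http://phish.example.test/Login", "not an indicator"],
}

if __name__ == "__main__":
    print(process(SAMPLE_FEEDS))
```

Normalizing before deduplication is what lets the same URL reported defanged by one feed and in plain form by another collapse into a single blocklist entry with two recorded sources.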
Why the homegrown tool approach? "Given the pace of criminals today, one of the hard parts is actually keeping track of all the data related to malware, phishing, and other risks. We wanted an easier way to organize our work and incorporate new threat information we receive so that we can do more to protect people," Hammell said. "We've found that the framework lets us easily incorporate fresh types of data and quickly hook into new and existing internal systems, regardless of their technology stack or how they conceptualize threats."
The announcement of Facebook's ThreatData tool is yet another security move by the social media giant, which has paid out more than $2 million to outside researchers as part of its bug bounty program and of late has been forthcoming about its strategy for building a security culture internally.
Facebook CSO Joe Sullivan says the social media giant has made security part of its culture so that security is part of the daily lives of all of its employees. "It's important to get the whole company thinking about security," Sullivan said in a press briefing last week.
