Facebook this week announced ThreatExchange, an API-based platform for technology companies to share information on security threats.
It had been working on the platform for about a year, with Pinterest, Tumblr, Yahoo and Twitter. Bitly and Dropbox recently joined in.
ThreatExchange is based on Facebook’s ThreatData threat analysis framework.
Facebook layered APIs on top of the existing Facebook platform infrastructure so participants can query the available information and control which other participants they publish their information to, using a predefined set of data fields.
“Threat researchers do already share this data manually,” Jeremy Demar, director of threat research at Damballa, told TechNewsWorld. “The value in systems like this isn’t the ability to share raw intelligence [it’s the] structured data that allows for the information to be accessed quickly and easily by the users.”
Tie-In With Feds’ Cybersecurity Efforts
Cyberattacks against corporations and governments in the United States are growing, but data on attacks is fragmented, with the various government agencies not sharing information and the Obama administration’s attempts to elicit cooperation from the private sector not faring well.
The Obama administration on Tuesday announced that it will set up a national Cyber Threat Intelligence Integration Center (CTIIC) to integrate all cyberattack and cyberthreat data from the public and private sectors and push it out to where it’s needed.
Facebook’s ThreatExchange launch raises the question of whether this might lead other companies such as Google to follow suit, creating yet more islands of cyberthreat data and defeating the purpose of setting up the CTIIC.
“The threat landscape…changes daily and governments implement things on a yearly basis,” pointed out Frank Dickson, network security program director at Frost & Sullivan. “I’m not sure how well [CTIIC]’s going to work.”
Still, other large companies such as Google could set up their own exchanges.
“I can see a race happening in this space, with everyone wanting to be the holders of this data,” remarked Demar.
This will be a problem “when researchers start looking at what the holder can do with the data,” Demar suggested. “It doesn’t really matter what they’re going to do, it’s the fear of what they could do that is going to hurt these sharing efforts.”
Spearphishing and Social Networks
Spearphishing — where cybercriminals send emails or messages containing links to malware servers or poisoned websites — is a favored method of attack by cybercriminals, and is believed to have been used in the Anthem hack, which saw up to 80 million customers’ records stolen from the health insurance firm.
Cybercriminals use social media as a major vector to launch spearphishing attacks, because these offer a higher chance of success than other options.
“We are more and more seeing that Facebook [and other social media sites] are the communications channel for cyberthreats,” Dickson said.
In 2010, penetration tests conducted by Secure Network over Facebook had an average response rate of 45 to 50 percent. It concluded that the information collected from an unofficial company website on Facebook could lead to a significant breach in its network.
The launch of Facebook ThreatExchange “is about Facebook being one of the larger threat vectors for phishing attacks and looking to share this threat information so companies can be aware and be proactive to prevent cybercriminals using its platform as the threat du jour,” Dickson told TechNewsWorld.
“The last thing Facebook wants is for all the major corporations in America to consider it is too much of a threat vector, and block access to it on their enterprise networks,” Dickson suggested. “We know people are accessing Facebook at work and they don’t want to lose traffic, so they’ll do everything they can to make their network safe.”
Facebook did not respond to our request to provide further details.
Twitter, whose CFO’s account was hacked recently, was coy about its participation in ThreatExchange. Referring TechNewsWorld to Facebook when approached for comment, company spokesperson Rachel Millner said she was “not able to answer Twitter-specific questions at this time.”