Cisco Systems Inc.’s security research group Talos said Friday that groups of cybercriminals continue to use Facebook Inc. as an open-air market to sell their services.
While many may think of cybercriminal markets as being something confined to the so-called “dark web,” Cisco CSCO, +0.13% said in a blog post entitled “Hiding in Plain Sight” that it had identified 74 groups on Facebook FB, -0.18% that were peddling “shady (at best) and illegal (at worst) activities” over the past several months
“The majority of these groups use fairly obvious group names, including ‘Spam Professional,’ ‘Spammer & Hacker Professional,’ ‘Buy Cvv On THIS SHOP PAYMENT BY BTC...,’ and ‘Facebook hack (Phishing).’” Cisco’s Talos said. “Despite the fairly obvious names, some of these groups have managed to remain on Facebook for up to eight years, and in the process acquire tens of thousands of group members.”
According to Talos, some 385,000 Facebook users were members of these groups, which were easily found through searches using keywords like “spam,” “carding,” or “CVV,” the three-digit security code found on the back of credit cards.
Talos said it had tried to get the groups taken down through Facebook’s abuse reporting system, but those efforts have appeared to resembled a whack-a-mole game.
“While some groups were removed immediately, other groups only had specific posts removed,” Talos said. “Eventually, through contact with Facebook’s security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing.”
Talos said it was cooperating with Facebook to identify and take down such groups.
“These Groups violated our policies against spam and financial fraud and we removed them,” a Facebook spokesperson told MarketWatch in an emailed statement. “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.”
Facebook said Cisco flagged the groups in batches: 41 in February over reporting tools with an email followup, with an additional 25 groups in late March, followed by a third set of eight over the past week.
Cisco’s findings come following another cybersecurity-related concern at Facebook, when the site revealed that millions of user passwords on Facebook and Instagram had been stored in an unencrypted, readable format on its internal data storage systems.
Shares of Cisco were up 0.2% Friday, while shares of Facebook were down 0.2%, compared with a 0.4% gain in the S&P 500 index SPX, +0.46% and a 0.6% rise in the tech-heavy Nasdaq Composite Index COMP, +0.59%
