mik38 - Fotolia

Cybercrime groups continue to flourish on Facebook

Security researchers found cybercrime groups using Facebook out in the open for illegal activity and the findings are very similar to an issue Facebook had last year.

Security researchers found that Facebook has an ongoing issue with Groups being used for illegal activity.

Jon Munshaw and Jaeson Schultz, technical editor and technical leader for Cisco's Talos Security Intelligence and Research Group, respectively, found 74 Facebook cybercrime groups with approximately 385,000 total members.

The researchers said it tracked many cybercrime groups on Facebook where illegal activity, such as selling stolen credit card numbers, was done out in the open. The names of the Facebook Groups showed the members weren't trying to hide illegal activity with group names including "Spam Professional," "Spammer & Hacker Professional," "Buy Cvv On THIS SHOP PAYMENT BY BTC." The cybercrime groups ranged from those selling stolen credit cards and spam lists to hacking tools and even identity information.

Munshaw and Schultz said some of the cybercrime groups on Facebook had been active for up to eight years and some had even gathered "tens of thousands" of members.

"These Facebook groups are quite easy to locate for anyone possessing a Facebook account. A simple search for groups containing keywords such as 'spam,' 'carding,' or 'CVV' will typically return multiple results," Munshaw and Schultz wrote in a blog post. "Of course, once one or more of these groups has been joined, Facebook's own algorithms will often suggest similar groups, making new criminal hangouts even easier to find."

The Talos researchers had inconsistent results when using Facebook's reporting features to remove the cybercrime groups and said that new groups keep being created. Munshaw and Schultz even implied Facebook wasn't taking an active role in ridding its platform of these cybercrime groups and that "Facebook seems to rely on users to report these groups for illegal and illicit activities to curb any abuse."

The researchers went on to note that this issue was also reported on by KrebsOnSecurity in April 2018 and although "the specific groups identified by Krebs had been permanently disabled, Talos discovered a new set of groups, some having names remarkably similar, if not identical, to the groups reported on by Krebs."

Munshaw and Shultz said companies need to "work together" to remove adversaries from platforms like Facebook. "Social media platforms should continue their efforts, both manual and automated, aimed at identifying and removing malicious groups," they wrote. "Security teams and vendors must work together to actively share information, take action and inform our customers."

Dig Deeper on Threats and vulnerabilities