TARLAC CITY, Tarlac (April 9, 2023) — Good Friday was bad for Tarlac Province’s premier university as one of its Facebook pages was taken over by a hacker.
Tarlac State University (TSU) issued a statement admitting to the hacking incident that happened last month and condemning the attack.
“Tarlac State University vehemently condemns all cybercriminal actions, particularly those intended to harm the image and reputation of state-run institutions.
“The university officials are currently acting on the hacking incident involving the Office of Public Affairs Facebook page. Necessary measures and coordination with concerned government agencies and police forces are being undertaken,” the statement read.
The TSU Office of Public Affairs (TSUOPA) page’s profile and cover photos were replaced with scantily clad women.
A Google image search shows the same profile photo a Shopee Malaysia company uses that sells sexy men’s underwear. Other porn sites and pages also use the same image.
The hacked page shows that it has 83,000 followers. It is mainly used by the academe to issue press releases and announcements.
Battle lost
According to an earlier post by the University, they identified the issue on March 3, when they lost access to it.
“The administrators of the said page have lost their access due to malware. The OPA is currently working with the Management Information Systems Office regarding this pressing matter,” the March 3 post read.
A month later, TSU admitted to failing to recover the Facebook Page.
“Despite the earnest efforts exerted by the OPA and the Management Information Systems Office and the reports filed to Facebook, the page was not retrieved,” a statement posted on their main Page read.
Band-aid solution
The University administration has requested the “TSU community and all its interested parties and stakeholders to unfollow facebook.com/opaitsu and refrain from engaging with any of its postings.”
They also urged the community “to join the ‘mass reporting’ later at 1:00 PM of April 7, 2023.”
Two days later, the hacked TSUOPA page is still up.
Could this have been avoided?
Facebook pages can be hacked for various reasons, including:
Weak Passwords: One of the most common reasons Facebook pages get hacked is due to weak passwords. If the page administrator has a weak password or uses the same password across multiple online accounts, it becomes easy for hackers to gain access.
Phishing Scams: Phishing is a technique that involves tricking users into giving away their login credentials by pretending to be a legitimate entity. Hackers can create fake login pages that look like the real thing and use them to steal account information.
Malware and Viruses: Hackers can use malware and viruses to access Facebook pages. Malware can be hidden in downloads or attachments, and once installed on a user’s computer, it can steal login credentials. This is what the Management Information Systems Office of the University said that made them lose access to the page.
Social Engineering: Social engineering is a technique that involves manipulating people into divulging sensitive information. Hackers can use social engineering tactics to get page administrators to give away their login credentials or other sensitive information.
Third-Party Apps: Third-party apps with access to Facebook pages can also be hacked. If a hacker gains access to a third-party app, they can use it to gain access to the Facebook page.
To avoid Facebook page hacks, it is important to use strong passwords, enable two-factor authentication, be cautious of suspicious emails and messages, keep antivirus software up-to-date, and avoid using third-party apps that are not verified.
Preventing Future Attacks
Identifying the responsible party for a malware infection on a system can be a complex task. Here are a few steps you can take to start investigating:
Determine the type of malware: You need to identify the malware type and its behavior to know what information it might have compromised and how it entered your system. This can help you determine the source of the infection.
Check the system logs: The system logs can provide you with vital information about the origin of the malware. You should look for any suspicious activity and check when and where the malware was installed.
Check the network logs: The network logs can help you determine if the malware came from outside of the network or was introduced internally.
Look for any unusual user activity: Check if any users installed unauthorized software or visited untrustworthy websites that could have caused the malware infection.
Conduct a malware analysis: You can perform malware analysis to gather information about the malware and the source of the attack. You can use a malware analysis tool to identify the malware type and any indicators of compromise (IOCs).
Contact your IT department: If you are unable to determine the source of the malware infection, you should contact your IT department. They can assist in investigating and mitigating the issue.
It is important to note that identifying the responsible party for a malware infection can be challenging, and in some cases, it may not be possible to determine the source of the attack. The best approach is to mitigate the infection and prevent future attacks.
