Phishing techniques your Anti-Virus doesn’t even know about

Prorootect (thread author)

Nov 5, 2011
Phishing techniques your Anti-Virus doesn’t even know about
on about.privatizeme.com/blog/: Phishing techniques your Anti-Virus does not know

News about ransomware and malware exploits crippling business operations for weeks is widespread. Smaller rural hospitals, SMEs, local governments and 911 centers seem to have been targeted. Such exploits inadvertently enter corporate networks when employees open malicious email or visit sites that introduce malware onto their PCs/Macs.

Ransomware is not unique to corporate networks; it could also happen to users of home PCs or Macs and may have a larger impact on non-expert users, especially if they don’t regularly back up their computers. We will talk about Corporate Networks in this blog, but the same message applies to home computers.

Cyber stalkers are getting more sophisticated — instead of using a spray and pray approach to spread phishing exploits via email, they are now targeting people based on their online profiles, by leading them to sites (honeypots) with targeted content (and malware). Some cyber stalkers are aiming at specific classes of users through targeted mal-advertising piggybacking on traditional ad platforms like Yahoo and DoubleClick.

As employees browse sites, their browser collects trackers from trusted and untrusted parties. Browser trackers are more than just cookies. Cookies, those tidbits of information, used to be only from the websites you visited. With the proliferation of ad networks and third-party content, information is being placed on employee computers by people you don’t know or trust. This additional information is being used to track users from website to website (cross-domain tracking), determining their browsing and buying habits, their online activities and to also develop profiles, which are sold by data brokers for a fee.

Simply deleting browser cookies occasionally will not prevent cross-domain tracking or profile development. Through JavaScript and Flash code executed in your browser, and through information added to and retrieved from internal browser databases, your browser reveals your identity to visited websites and their partners. In addition, your device can be queried by a website or ad platform to reveal unique characteristics (i.e. digital fingerprints) that can identify you.

Now imagine you are the CISO at a 3D chip design company developing a new AI engine costing tens of millions in R&D. If a sovereign spy network wants your secrets, they can target your employees (and users from other chip companies with characteristics like your employees) by posting ads (using legitimate ad networks and their targeting techniques) for non-existent seminars or conferences. Once your employee is lured to the conference site, they could be tempted to download malware or be infected by sleeper malware contained in the ad itself (malvertising). Since the conference site is not a popular site or the sleeper malware is a zero-day exploit, your anti-virus or anti-phishing endpoint software is unlikely to catch it. Many of these exploits surreptitiously case the internal corporate network, do not transfer or delete files, and are not discovered by anti-virus programs. In short, today a threat can be introduced into the corporate network, not in the form of an infection, but in the form of a covert signal to the bad actor when a specific personal profile joins a targeted corporate network.

Firewalls are designed to keep external threats from entering your network, but can do little when those threats are introduced by devices inside your protected network. The reality is, despite your firewalls and policies, it is inevitable your employees will surf the net at work, home and on public networks and bring malware into your network.

PrivatizeMe eliminates these trackers and periodically changes the digital fingerprint of the user’s device. Deleting cookies and changing a device’s digital fingerprint gives the appearance of a new and unique user. If users can’t be identified, they can’t be individually targeted.

PrivatizeMe’s “Effortless Privacy Protection” defeats attempts by cyber stalkers to invade your employees’ online privacy without changing the way they browse. With such protection from being stalked, digitally fingerprinted and profiled, your employees cannot be targeted with spear phishing exploits and malvertisements or be led to targeted watering holes laden with malicious malware.

CISOs can now deploy our solution across their organizations to every employee’s Windows PC or Mac and in turn protect their network. Unlike firewalls and anti-virus, which protect the computer, PrivatizeMe protects employee privacy and eliminates trackers. PrivatizeMe complements firewalls and policies by preventing a digital fingerprint from being developed, obscuring the individual. Without good targeting information, spear phishing and targeted malvertisement attacks are much less successful.
 
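The quoted blog describes cross-domain tracking as a third party (an ad network) placing information on the user's machine that is then sent back from every site that embeds that third party. The toy model below, added here as an illustration and not code from PrivatizeMe or from the poster, shows the mechanism end to end: a constructed tracker host hands out one cookie, three unrelated constructed sites embed it, and the tracker's log links the visits into one profile. Flipping the jar's "block third-party cookies" policy shows why that single setting breaks the link. The hostnames, the cookie jar, the `siteOf` helper and the `Tracker` class are all assumptions made for this demo; nothing touches the network.

```javascript
// Added example (not from the PrivatizeMe post): a toy model of how a
// third-party tracker embedded on several sites links one visitor across
// them via a single cookie, and how a "block third-party cookies" policy
// breaks that link. All sites, the tracker host and the cookie jar are
// constructed for this demo; nothing here talks to the network.

// Registrable-domain helper: crude "last two labels" rule, good enough for
// the constructed hostnames below (no public-suffix list is consulted).
function siteOf(host) {
  return host.split('.').slice(-2).join('.');
}

// A minimal cookie jar keyed by host. Real browsers partition or block
// third-party cookies depending on policy; we model only that one switch.
class CookieJar {
  constructor({ blockThirdParty }) {
    this.blockThirdParty = blockThirdParty;
    this.store = new Map(); // host -> Map(name -> value)
  }
  // Cookies the browser would attach to a request to `host` while the
  // top-level page is `topHost`; none if the policy blocks third parties.
  cookiesFor(host, topHost) {
    const thirdParty = siteOf(host) !== siteOf(topHost);
    if (thirdParty && this.blockThirdParty) return new Map();
    return this.store.get(host) || new Map();
  }
  // Apply a Set-Cookie from `host`; ignored for third parties under the policy.
  set(host, topHost, name, value) {
    const thirdParty = siteOf(host) !== siteOf(topHost);
    if (thirdParty && this.blockThirdParty) return;
    if (!this.store.has(host)) this.store.set(host, new Map());
    this.store.get(host).set(name, value);
  }
}

// The tracker's server side: it hands out an id on first contact and logs
// which top-level site each visit came from, keyed by that id.
class Tracker {
  constructor(host) {
    this.host = host;
    this.nextId = 1;
    this.visitsById = new Map(); // id -> [sites]
  }
  // Handle one beacon request; returns a Set-Cookie directive or null.
  handle(cookies, referrerSite) {
    let id = cookies.get('uid');
    let setCookie = null;
    if (!id) {
      id = `u${this.nextId++}`;
      setCookie = { name: 'uid', value: id };
    }
    if (!this.visitsById.has(id)) this.visitsById.set(id, []);
    this.visitsById.get(id).push(referrerSite);
    return setCookie;
  }
}

// Simulate one user visiting each first-party site, each of which embeds
// the tracker's pixel. Returns the tracker's view: { id: [sites...] }.
function simulateBrowsing(sites, trackerHost, { blockThirdParty }) {
  const jar = new CookieJar({ blockThirdParty });
  const tracker = new Tracker(trackerHost);
  for (const topHost of sites) {
    // First-party request: the site's own cookie is always allowed.
    jar.set(topHost, topHost, 'session', `s-${topHost}`);
    // Embedded third-party beacon to the tracker.
    const sent = jar.cookiesFor(trackerHost, topHost);
    const sc = tracker.handle(sent, siteOf(topHost));
    if (sc) jar.set(trackerHost, topHost, sc.name, sc.value);
  }
  return Object.fromEntries(tracker.visitsById);
}

// Constructed sample: three unrelated sites all embed the same tracker.
const SITES = ['www.news-example.com', 'shop.example.org', 'forum.example-chips.com'];
const TRACKER = 'ads.tracker-example.net';

const linked = simulateBrowsing(SITES, TRACKER, { blockThirdParty: false });
const unlinked = simulateBrowsing(SITES, TRACKER, { blockThirdParty: true });
console.log('third-party cookies allowed:', linked);   // one id, three sites
console.log('third-party cookies blocked:', unlinked); // three ids, one site each
```

With the policy off the tracker sees a single `u1` across all three sites, which is exactly the profile the blog warns about; with it on, every visit looks like a fresh visitor. Real browsers also have to deal with fingerprinting and storage other than cookies, which this model deliberately leaves out.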

Deleted member 65228

You could always just use a script-blocking extension and a good ad-blocker like uBlock Origin... It's worked wonders for me for several years with little maintenance required and not really any problems.

Also, Anti-Virus vendors are aware of tracking techniques and phishing attempts. Most good Anti-Virus products have good web-protection which may not attack the genuine-looking advertisements which are actually up to mischief (it isn't always possible - generic ad-blocking is the best defence for this), but may block the website you will be redirected to with their scanning algorithms and database intelligence. Nothing is foolproof though.

Then again, layered protection is always a good idea.

1. Good Internet Security with web-protection.
2. Ad-blocker.
3. Script blocking support.
4. Maybe an additional web protection extension if required.
5. Windows locked down a bit more.

And you're doing well.

For anyone wondering, by "generic ad-blocking" I am referring to JavaScript injection which will scan the document and remove advertisements if one is found. For example, without relying on hosts to block the connections... But finding the HTML/JavaScript which causes it to be inserted into the document and just eliminating it.
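The "generic ad-blocking" the reply describes is what extensions call cosmetic filtering: a script scans the loaded document and removes elements that look like ad slots, independent of any hosts file or network block. The example below is added here to show that idea in working code; it is not the poster's code and not the source of uBlock Origin or any other extension. The matcher runs on a plain object tree so it can execute outside a browser; the `installInBrowser` glue applies the same rules to the real DOM and re-sweeps on mutation. The rule set, the `ads.tracker-example.net` host and the sample page are constructed for the demo.

```javascript
// Added example (not the poster's code or any ad-blocker's own source):
// "generic ad-blocking" as described in the post, i.e. scanning the loaded
// document and pruning elements that look like ad slots, without relying on
// hosts-file or network blocking. The core matcher works on a plain object
// tree so it runs under Node; the browser glue at the bottom applies the
// same rules to the real DOM and re-runs them whenever the page mutates.

// A rule is a structured, conservative selector: every listed condition
// must hold. (Rules, hostnames and the sample page are constructed.)
const RULES = [
  { tag: 'div', classToken: 'ad-banner' },
  { tag: 'iframe', attr: 'src', contains: 'ads.tracker-example.net' },
  { attr: 'data-ad-slot' },                      // any element carrying it
  { tag: 'a', attr: 'href', contains: '/sponsored/' },
];

function classTokens(attrs) {
  return (attrs.class || '').split(/\s+/).filter(Boolean);
}

// Does one node (shape: {tag, attrs, children}) satisfy every condition?
function matches(node, rule) {
  if (rule.tag && node.tag.toLowerCase() !== rule.tag) return false;
  if (rule.classToken && !classTokens(node.attrs).includes(rule.classToken)) return false;
  if (rule.attr) {
    const v = node.attrs[rule.attr];
    if (v === undefined) return false;
    if (rule.contains !== undefined && !v.includes(rule.contains)) return false;
  }
  return true;
}

// Walk the tree depth-first and prune matching subtrees in place.
// Returns the number of elements removed (a pruned subtree counts once).
function removeAds(node, rules = RULES) {
  let removed = 0;
  node.children = node.children.filter((child) => {
    if (rules.some((r) => matches(child, r))) { removed += 1; return false; }
    return true;
  });
  for (const child of node.children) removed += removeAds(child, rules);
  return removed;
}

// Flatten the remaining tag names, handy for inspection and assertions.
function tagList(node) {
  return [node.tag, ...node.children.flatMap(tagList)];
}

// Rule -> CSS selector for the browser glue; substring match is [attr*="..."].
function toSelector(rule) {
  let s = rule.tag || '*';
  if (rule.classToken) s += `.${rule.classToken}`;
  if (rule.attr) {
    s += rule.contains !== undefined
      ? `[${rule.attr}*="${rule.contains.replace(/"/g, '\\"')}"]`
      : `[${rule.attr}]`;
  }
  return s;
}

// Browser-only: remove matches now and after every DOM change, which is
// what an extension's content script does. Returns false under Node.
function installInBrowser(rules = RULES) {
  if (typeof document === 'undefined') return false;
  const sweep = () => document.querySelectorAll(rules.map(toSelector).join(','))
    .forEach((el) => el.remove());
  sweep();
  new MutationObserver(sweep).observe(document.documentElement, { childList: true, subtree: true });
  return true;
}

// Constructed sample page as a node tree.
function samplePage() {
  const el = (tag, attrs = {}, children = []) => ({ tag, attrs, children });
  return el('body', {}, [
    el('article', {}, [
      el('p'),
      el('a', { href: '/sponsored/offer-1' }),
      el('a', { href: '/blog/post-1' }),
    ]),
    el('div', { class: 'sidebar ad-banner' }, [el('img', { src: '/banner.png' })]),
    el('iframe', { src: 'https://ads.tracker-example.net/slot?x=1' }),
    el('iframe', { src: 'https://video.example.org/embed' }),
    el('div', { 'data-ad-slot': '1234' }, [el('script', { src: '/ads.js' })]),
  ]);
}

const page = samplePage();
const removedCount = removeAds(page);
console.log(`removed ${removedCount} ad elements; remaining:`, tagList(page).join(' '));
```

The rules are deliberately narrow (tag plus class or attribute substring) because the cost of a false positive here is a broken page, not a missed ad; real filter lists are far larger and are maintained against exactly that trade-off. The `MutationObserver` re-sweep matters because ad slots are usually injected after load by a script, so a single pass at `DOMContentLoaded` would miss them.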
 
