Expert Insight On Threat Actors Delivering Prevalent Info-stealers Via Pay-per-click Ads

By ISBuzz Team
Writer, Information Security Buzz | Jun 07, 2021 02:39 am PST

It has been reported that researchers have tracked down the origins of several increasingly prevalent info-stealers – including Redline, Taurus, Tesla and Amadey – that threat actors are delivering via pay-per-click (PPC) ads in Google’s search results.

On Wednesday, breach prevention firm Morphisec posted an advisory in which it said that over the past month, it’s investigated the origins of paid ads that appear on the first page of search results and that lead to downloads of malicious AnyDesk, Dropbox and Telegram packages wrapped as ISO images.

1 Expert Comment
Hank Schless, Senior Manager, Security Solutions
June 7, 2021 10:41 am

Attackers are constantly figuring out new ways to deliver malware to unsuspecting victims. The campaigns with the greatest success rates are often ones that use a legitimate platform to deliver the attack. Leveraging paid Google ads creates an initial sense of trust – much like what attackers are able to do with socially engineered phishing campaigns. This trust causes users to let their guard down, and attackers exploit that to execute their attack.

The concerning thing about this tactic is that it could be used to target both mobile and desktop users. Since paid Google ads appear on both platforms, the attacker could adjust their payload to target any user on any device. Considering the nature of the malware itself, this incident should be concerning to individuals and enterprises alike. With hybrid work being the reality for most organizations in the foreseeable future, employees will continue to use both managed and unmanaged devices to access corporate infrastructure and cloud apps. This goes for smartphones, tablets, laptops, and desktops. Employees expect to be productive from any device, which means corporate data needs to be secured from the endpoint itself all the way to the cloud.

In order to protect themselves against attacks like this, security teams need to implement a Zero Trust philosophy across their entire infrastructure. To take it a step further, implementing granular policies that dynamically adjust access based on the unique risk profile of both the user and the device is a necessity. This will ensure that users are who they say they are and can only access the resources they need to get their work done.
