In a report about ongoing cyber-attacks on US critical infrastructure from the FBI and Homeland security secured by the New York Times, investigators reveal that in an effort to snag critical infrastructure operators, hackers would compromise legitimate websites that they knew their victims visited. Chris Olson, CEO at The Media Trust commented below.

Chris Olson, CEO at The Media Trust:

Domain Phishing“The ability to hijack legitimate websites to execute individually-targeted malware attacks is easier than most IT/security professionals realize. The process to deliver customized, browser-rendered content–use of behavior profiles to recommend user-specific content–is the same one leveraged by bad actors to target their campaigns. Traditional security tools–blacklists, whitelists, generic threat intelligence, AVs, web filters and firewalls–are proving inadequate defenses against today’s dynamic websites, including government websites.”

Notify of

0 Expert Comments
Inline Feedbacks
View all comments
Information Security Buzz
Would love your thoughts, please comment.x