In a report about ongoing cyber-attacks on US critical infrastructure from the FBI and Homeland security secured by the New York Times, investigators reveal that in an effort to snag critical infrastructure operators, hackers would compromise legitimate websites that they knew their victims visited. Chris Olson, CEO at The Media Trust commented below.
Chris Olson, CEO at The Media Trust:
“The ability to hijack legitimate websites to execute individually-targeted malware attacks is easier than most IT/security professionals realize. The process to deliver customized, browser-rendered content–use of behavior profiles to recommend user-specific content–is the same one leveraged by bad actors to target their campaigns. Traditional security tools–blacklists, whitelists, generic threat intelligence, AVs, web filters and firewalls–are proving inadequate defenses against today’s dynamic websites, including government websites.”