In the last year, attackers engaged in cyber espionage have increasingly turned to the web to distribute their malware via drive-by exploits. The idea of distributing malware via drive-by exploits is not new at all. Internet users are constantly at risk from a daily barrage of exploits across the web as a result of mass SQL injections, malicious advertisements, stored cross-site scripting (XSS), compromised web servers, etc. In most cases the miscreant’s goal is to serve malicious exploits to as many people as possible from as many locations as they can. This is where the advanced attackers engaged in cyber espionage campaigns tend to set themselves apart from the others and narrow their focus through what we call strategic web compromises. The goal is not large-scale malware distribution through mass compromises. Instead the attackers place their exploit code on websites that cater to a particular set of visitors that they might be interested in. In the past few years we have witnessed several strategic web compromises of organizations in a variety of fields with a recurring focus on those involved with freedom of speech, human rights, defense, foreign policy and foreign relations.

In these cases, normally trusted websites have been compromised to serve up malicious code designed to give backdoor access into the systems of unsuspecting visitors. A simple one-line code addition to a website, such as those seen below, can set off a chain reaction that can spell disaster for an organization.

Right now, as you read this, there are a few recent exploits that are being heavily used by attackers engaged in cyber espionage to gain a foothold on various networks. In general, a well-patched system will be immune to many of the attacks, but in several cases previously unknown 0-day exploits (no available patch) have found their way onto these sites - in short the average visitor may not have much of a chance to defend themselves.