The FBI advised Americans to exercise caution when clicking on online advertisements, warning that cybercriminals were using traffic distribution systems to redirect clicks to fraudulent websites.
A traffic distribution system (TDS) is a network that routes internet traffic and acts as an intermediary between a link and the subsequent webpage. Malicious actors use TDSs to steer “internet traffic visitors to different destinations after users visit webpages, click advertisement links, sign up for promotions and discounts, or download an application,” the FBI said in a June 18 public service announcement alert.
“Cyber criminals use TDSs to selectively redirect users to compromised or fake login websites that can host phishing pages for online financial fraud or prompt users to download software updates containing malware.”
The criminals can employ various methods to drive users to a TDS network, including placing links in phishing emails and through search engine optimization positioning, which promotes fraudulent ad links that mimic authentic webpages. They can also hack into legitimate websites and edit their code to redirect visitors to a TDS.
When criminals gain access to victims’ data, such information “may be sold for a fee to other cyber criminals, including ransomware groups,” the agency stated.
The FBI said threat actors use traffic distribution systems to bypass traditional firewall systems that would otherwise block malicious websites.
Furthermore, traffic distribution systems collect IP addresses, locations, device information, browser details, and operating system information, which can then be used to filter targets. This allows criminals to display “safe content” to targets they deem undesirable, such as security researchers, thereby bypassing detection.
People should keep their software updated, harden login security, and install only third-party plugins from reputable developers, the agency said.
A March 19 report by security research company Insikt Group said that “[traffic distribution systems] continued to gain prominence” within criminal ecosystems last year. The group said it observed “sustained and widespread use” of traffic distribution systems.
“[The ability of traffic distribution systems] to deliver malicious payloads while evading detection made them a core component of modern cybercriminal operations,” the report said.
Dismantling Global Malware
Meanwhile, the FBI announced in a June 18 Facebook post that the agency, together with international law enforcement partners, disrupted the SocGholish malware.
“SocGholish, active since 2018, is a JavaScript-based malware that masquerades as a legitimate browser update via compromised websites. The malware establishes an initial foothold into victim computers, collectively known as a botnet, and is then used by threat actors for further targeting with ransomware campaigns and espionage,” the post said.
“As part of the operation, 106 servers and domains were taken down, 14,971 websites were remediated, the botnet was disabled, and victims were notified.”
The disruption was part of Operation Endgame, which, according to a June 18 statement from the Netherlands’ national police force, is the “largest international operation ever undertaken” to counter cybercrime and ransomware globally.
In addition to the United States and the Netherlands, other nations in the operation include Australia, Belgium, the UK, Germany, and Canada.
The FBI said the crackdown was also part of Operation Riptide, an agency campaign that targets criminals, financial networks, and infrastructure behind cybercrimes and fraud against American citizens.
Friends Read Free
Copy
Facebook
Tweet
