• Evolution of technology leans toward more and more web-based usage
  › HTML5 applications
  › Software-as-a-Service
• Business involvement in social media
  › Increased reliance on Facebook, Twitter, and other social sites for customer interactions
  › Brand development and growth for reasonable cost
• It is all about the Web, and it will continue that way.

• Malvertising (or malicious advertising) uses legitimate advertising channels to propagate malicious ads.
• Victims may or may not have to click the ads, depending on the attack.
  › Clicked ads can redirect the victim to a malicious site
  › A zero-day exploit (e.g., in Adobe Flash) can install malware without user action

• Attacks are generally broad in nature and typically use known vulnerabilities.
• Attacks leverage the wide distribution of ads through legitimate ad networks to increase the likelihood of luring a victim.
• According to ComScore [1] data, 53 billion ads contained malicious content or redirected to malicious content.

• Leverage rich content from Adobe Flash Player, Reader, etc.
• Can use iframe injection to trigger background installations.
• Pop-up and banner ads through ad networks.
• Clickjacking: tricking a victim into clicking something other than what was intended.

• Patching – keep browsers (e.g., Firefox, IE, Chrome) up to date. This ensures known vulnerabilities can't be exploited.
• Vulnerability Management – implement a scanning process for known vulnerabilities. Identify and remediate.
• Monitor outbound traffic – whitelist if possible. Block traffic to known bullet-proof hosts.
• Use ad-blocking software such as Ghostery or NoScript (keep in mind the implications).
• Train users to hover before clicking.
• Configure X-Frame-Options and employ anti-clickjacking attributes.
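
One way to check the last mitigation on your own sites: an added example (not part of the original slides) that audits a response's headers for framing protection. The header list format and the function names are assumptions of this example; it goes slightly beyond X-Frame-Options by also reading the CSP `frame-ancestors` directive, which browsers prefer when both are present.

```python
from dataclasses import dataclass, field

VALID_XFO = {"deny", "sameorigin"}   # the X-Frame-Options values current browsers honour


@dataclass
class FramingVerdict:
    protected: bool
    mechanism: str                   # "csp", "xfo" or "none"
    findings: list = field(default_factory=list)


def header_values(headers, name):
    """All values for one header name (case-insensitive); duplicates are kept."""
    return [value for key, value in headers if key.lower() == name]


def frame_ancestors_lists(csp_values):
    """One source list per policy that carries a frame-ancestors directive."""
    lists = []
    for value in csp_values:
        for policy in value.split(","):          # one header may carry several policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    lists.append([t.lower() for t in tokens[1:]])
                    break                        # later duplicates in a policy are ignored
    return lists


def weak_source(sources):
    """Return why a frame-ancestors source list should not be relied on, or None."""
    if not sources:
        return "(empty list)"
    for source in sources:
        if source in ("*", "http:", "https:"):   # matches any site, or any site on a scheme
            return source
    return None


def audit_framing(headers):
    """headers: list of (name, value) pairs as received, duplicates included."""
    findings = []
    if frame_ancestors_lists(header_values(headers, "content-security-policy-report-only")):
        findings.append("frame-ancestors in a Report-Only policy is not enforced")

    lists = frame_ancestors_lists(header_values(headers, "content-security-policy"))
    xfo = [token.strip().lower()
           for value in header_values(headers, "x-frame-options")
           for token in value.split(",") if token.strip()]

    if lists:
        # An enforced frame-ancestors directive takes precedence over X-Frame-Options.
        if xfo:
            findings.append("X-Frame-Options is ignored by browsers that support frame-ancestors")
        weak = [weak_source(sources) for sources in lists]
        for source in weak:
            if source is not None:
                findings.append(f"frame-ancestors source {source} does not restrict framing")
        # Every policy is enforced, so one strict policy is enough.
        return FramingVerdict(any(w is None for w in weak), "csp", findings)

    if xfo and len(set(xfo)) == 1 and xfo[0] in VALID_XFO:
        findings.append("consider adding CSP frame-ancestors alongside X-Frame-Options")
        return FramingVerdict(True, "xfo", findings)
    if any(token.startswith("allow-from") for token in xfo):
        findings.append("ALLOW-FROM is obsolete; use frame-ancestors with an explicit origin")
    elif xfo:
        findings.append("X-Frame-Options must be exactly one of DENY or SAMEORIGIN")
    else:
        findings.append("no framing restriction is set")
    return FramingVerdict(False, "none", findings)


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "xfo only": [("X-Frame-Options", "SAMEORIGIN")],
    "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "obsolete": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp wildcard overrides xfo": [("Content-Security-Policy", "frame-ancestors *"),
                                   ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        verdict = audit_framing(sample)
        print(f"{label}: protected={verdict.protected} via {verdict.mechanism} {verdict.findings}")
```
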
• Watering Holes – compromised trusted websites contain malware.
• Trust relationships between sites are exploited to push malware to the user.
• Often use zero-day vulnerabilities to execute the attack.

• Attacks are generally narrow in nature and typically use unknown vulnerabilities.
• Attacks are typically targeted and require significant intelligence resources.
• Much more sophisticated than other attacks (i.e., smells like state-sponsored).

• Leverages application layer protocols including TLS/SSL and HTTP.
• Often browser-specific due to unique vulnerabilities.
• Can exploit Application Programming Interfaces (APIs) such as ActiveX.

• Very little can be done to specifically mitigate watering hole attacks. However:
  › Vulnerability Management will help patch holes as soon as they are announced.
  › Monitoring outbound traffic can help identify if an exploit has been successful.
  › Strong incident response to identify and react to minimize damage.
  › Network segmentation to minimize exposure.
  › Overall high security awareness in the organization.
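
Outbound monitoring appears in both mitigation lists above (whitelisting and blocking bullet-proof hosts for malvertising, spotting a successful exploit for watering holes). The following is an added example, not part of the original slides, that classifies proxy log destinations against a whitelist and a blocklist; the log format, host names, and address ranges are constructed placeholders.

```python
import ipaddress

# Constructed policy: reserved example domains and a TEST-NET range stand in for real entries.
ALLOWED_DOMAINS = {"example.com", "updates.example.net"}
BLOCKED_DOMAINS = {"bph.example"}                              # placeholder bullet-proof host
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]    # placeholder hoster range


def normalise_host(host):
    """Lower-case and drop the trailing root dot so equivalent names compare equal."""
    return host.strip().rstrip(".").lower()


def domain_matches(host, domains):
    """True when host is a listed domain or a subdomain of one.

    Matching on a label boundary keeps 'notexample.com' and
    'example.com.cdn-sync.test' from passing as 'example.com'.
    """
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(dest):
    """Return 'allow', 'block' or 'review' for one destination host."""
    host = normalise_host(dest)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        if any(addr in net for net in BLOCKED_NETWORKS):
            return "block"
        return "review"            # the whitelist is name based; direct-to-IP needs a look
    if domain_matches(host, BLOCKED_DOMAINS):
        return "block"
    if domain_matches(host, ALLOWED_DOMAINS):
        return "allow"
    return "review"


def review_egress(lines):
    """Group non-whitelisted destinations by source host.

    Expects constructed lines of the form: timestamp source method host:port.
    Returns (flagged, skipped): flagged maps source -> [(destination, verdict)],
    skipped counts lines that could not be parsed and so were not evaluated.
    """
    flagged, skipped = {}, 0
    for line in lines:
        if not line.strip():
            continue
        fields = line.split()
        host = fields[3].rpartition(":")[0] if len(fields) == 4 else ""
        if not host:
            skipped += 1
            continue
        verdict = classify(host)
        if verdict != "allow":
            flagged.setdefault(fields[1], []).append((normalise_host(host), verdict))
    return flagged, skipped


# Constructed sample log (not taken from a real proxy).
SAMPLE_LOG = """
2015-03-02T09:14:07Z ws-114 CONNECT www.example.com:443
2015-03-02T09:14:09Z ws-114 CONNECT example.com.cdn-sync.test:443
2015-03-02T09:14:11Z ws-114 CONNECT 203.0.113.45:8080
2015-03-02T09:15:30Z ws-207 CONNECT UPDATES.EXAMPLE.NET.:443
2015-03-02T09:16:02Z ws-207 CONNECT notexample.com:443
malformed line
"""

if __name__ == "__main__":
    flagged, skipped = review_egress(SAMPLE_LOG.splitlines())
    for source, hits in flagged.items():
        print(source, hits)
    print("unparsed lines:", skipped)
```
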
• 1 - http://www.mintel.com/blog/technology-market-news/malvertising-the-internets-billion-dollar-problem
• 2 - Cyveillance – a QinetiQ Company - https://blog.cyveillance.com/when-good-sites-go-bad-malvertising-and-watering-holes-infographic/?utm_source=social&utm_medium=twitter&utm_content=post%204&utm_campaign=MWH
• Great Infographic: https://blog.cyveillance.com/wp-content/uploads/Malvertise_info_6001.jpg

Christopher Furton is an Information Technology Professional with over 12 years in the industry. He attended The University of Michigan, earning a B.S. in Computer Science, and completed an M.S. in Information Management from Syracuse University in 2015. His career includes managing small to medium-size IT infrastructures, service desks, and IT operations. Over the years, Christopher has specialized in Cyber Security while working within the Department of Defense and the United States Marine Corps. His research topics include vulnerability management, cyber security governance, privacy, and cyber risk management. He holds active IT certifications including the CISSP, CEH, ITIL Foundations, Security+CE and Network+CE. He can be found on LinkedIn, Google+, and Twitter @IT_Mgmt_Chris.

Additional information is available on Christopher Furton's website at http://christopher.furton.net.

Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes

Editor's Notes

  1. 1 - http://www.mintel.com/blog/technology-market-news/malvertising-the-internets-billion-dollar-problem