Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Phishing techniques your Anti-Virus doesn’t even know about
#1
https://about.privatizeme.com/blog/phish...about.html      Phishing techniques your Anti-Virus doesn’t even know about   News about ransomware and malware exploits crippling business operations for weeks is widespread. Smaller rural hospitals, SMEs, local governments and 911 centers seem to have been targeted.  Such exploits inadvertently enter corporate networks when employees open malicious email or visit sites that introduce malware onto their PCs/Macs.

Ransomware is not unique to corporate networks; it could also happen to users of home PC or Macs and may have a larger impact on non-expert users, especially if they don’t regularly backup their computers. We will talk about Corporate Networks in this blog, but the same message applies to the home computers.

Cyber stalkers are getting more sophisticated — instead of using a spray and pray approach to spread phishing exploits via email, they are now targeting people based on their online profiles, by leading them to sites (honeypots) with targeted content (and malware). Some cyber stalkers are aiming at specific classes of users through targeted mal-advertising piggybacking on traditional ad platforms like Yahoo and DoubleClick.

As employees browse sites, their browser collects trackers from trusted and untrusted parties. Browser trackers are more than just cookies. Cookies, those tidbits of information, used to be only from the websites you visited. With the proliferation of ad networks and third party content, information is being placed on employee computers by people you don’t know or trust. This additional information is being used to track users from website to website (cross domain tracking), determining their browsing and buying habits, their online activities and to also develop profiles, which are sold by data brokers for a fee.

Simply deleting browser cookies occasionally will not prevent cross domain tracking or profile development. Javascript, flash code executed on your browser and adding/retrieving of information buried in internal browser databases, your browser reveals your identity to visted websites and their partners. In addition, your device can be queried by a website or ad platform to reveal unique characteristics (i.e. digital fingerprints) that can identify you.

Now imagine you are the CISO at a 3D Chip design company developing a new AI engine costing tens of millions in R&D.   If a sovereign spy network wants your secrets, they can target your employees (and users from other chip companies with characteristics like your employees) by posting ads (using legitimate ad networks and their targeting techniques) for non-existent seminars or conferences. Once your employee is lured to the conference site, they could be tempted to download malware or be infected by sleeper malware contained in ad itself (malvertising). Since the conference site is not a popular site or the sleeper malware is a zero–day exploit your anti-virus or anti-phishing endpoint software is unlikely to catch it. Many of these exploits surreptitiously case the internal corporate network and do not transfer or delete files and are not discovered by anti-virus programs. In short, today a threat can be introduced into the corporate network, not in the form of an infection, but in the form of a covert signal to the bad actor when a specific personal profile joins a targeted corporate network.

Firewalls are designed to keep external threats from entering your network, but can do little when those threats are introduced by devices inside your protected network. The reality is, despite your firewalls and policies, it is inevitable your employees will surf the net at work, home and on public networks and bring malware into your network.

PrivatizeMe eliminates these trackers and periodically changes the digital fingerprint of the user’s device. Deleting cookies and changing a devices digital fingerprint gives the appearance of a new and unique user. If users can’t be identified, they can’t be individually targeted. 

PrivatizeMe’s “Effortless Privacy Protection” defeats attempts by cyber stalkers to invade your employee’s online privacy without changing the way they browse.  With such protection from being stalked, digital fingerprinted and profiled, your employees cannot be targeted with spear phishing exploits and malvertisements or be led to targeted watering holes laden with malicious malware.

CISOs can now deploy our solution across their organizations to every employee’s Windows PC or Mac and in turn protect their network. Unlike firewalls and anti-virus, which protects the computer, PrivatizeMe protects employee privacy and eliminates trackers. PrivatizeMe complements firewalls and policies by preventing a digital fingerprint from being developed, obscuring the individual. Without good targeting information, spear phishing and targeted malvertisement attacks are much less successful.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Anti-Phishing Certification Bitdefender 2022 96% APPROVED mrtrout 0 535 07-13-2022 , 02:09 AM
Last Post: mrtrout
Sad John McAfee: Anti-virus creator found dead in prison cell! ahmed 1 913 06-24-2021 , 07:43 PM
Last Post: Bjyda
  Ransomware gangs are running riot and paying them off doesn't help Bjyda 0 1,352 02-18-2021 , 12:24 AM
Last Post: Bjyda
  The Lazarus cybercrime group uses traditional APT techniques to spread VHD ransomware mrtrout 0 1,330 07-29-2020 , 06:58 AM
Last Post: mrtrout
  Avira Gets 91% In Anti-Phishing Certification mrtrout 0 1,116 07-26-2020 , 05:58 AM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)