Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Beware: Malvertising Campaign Hits Nearly a Million Devices

    Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world.

    The campaign, which began on illegal streaming sites, impacted both consumer and enterprise devices across a wide range of industries.

    “Analysis of the redirector chain determined the attack likely originated from illegal streaming websites where users can watch pirated videos,” Microsoft says.

    “The streaming websites embedded malvertising redirectors within movie frames to generate pay-per-view or pay-per-click revenue from malvertising platforms. These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub.”

    The malicious ads took users to a site that roped them into a tech support scam designed to trick them into installing malware. In most cases, the malware was delivered via GitHub, although Microsoft also observed instances in which the attackers used Dropbox or Discord.

    “The GitHub repositories, which were taken down, stored malware used to deploy additional malicious files and scripts,” Microsoft says. “Once the initial malware from GitHub gained a foothold on the device, the additional files deployed had a modular and multi-stage approach to payload delivery, execution, and persistence. The files were used to collect system information and to set up further malware and scripts to exfiltrate documents and data from the compromised host.”

    Microsoft recommends that users follow security best practices, including implementing multi-factor authentication, to thwart these types of attacks.

    “Require multi-factor authentication (MFA). While certain attacks such as adversary-in-the-middle (AiTM) phishing attempt to circumvent MFA, implementation of MFA remains an essential pillar in identity security and is highly effective at stopping a variety of threats,” the researchers write https://tidorg.com/ourservices/educate/ew-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Microsoft has the story.


    Go Phishing Now!https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top