One Article Review

Home - The article:
Source Mandiant
Identifier 8566199
Publication date 2024-08-29 14:00:00 (seen: 2024-08-29 14:17:38)
Title A Measure of Motive: How Attackers Weaponize Digital Analytics Tools
Text Adrian McCabe, Ryan Tomcik, Stephen Clement
Introduction

Digital analytics tools are vital components of the vast domain that is modern cyberspace. From system administrators managing traffic load balancers to marketers and advertisers working to deliver relevant content to their brand's biggest fan base, tools like link shorteners, location trackers, CAPTCHAs, and digital advertising platforms each play their part in making information universally accessible and useful to all.

However, just as these tools can be used for good, they can also be used for malicious purposes. Mandiant and Google Cloud researchers have witnessed threat actors cleverly repurposing digital analytics and advertising tools to evade detection and amplify the effectiveness of their malicious campaigns.

This blog post dives deep into the threat actor playbook, revealing how these tools can be weaponized by attackers to add malicious data analytics (“malnalytics”) capabilities to their threat campaigns. We'll expose the surprising effectiveness of these tactics and arm defenders with detection and mitigation strategies for their own environments.

Get Shor.ty

First entering the scene around the year 2000 and steadily gaining in popularity ever since, link shorteners have become a fairly ubiquitous utility for life on the Internet. In addition to the popular link shortening services like bit.ly and rb.gy, large technology companies like Amazon (a.co) and Google (goo.gl) also have (or had, in Google's case) their own link shortening structures and schemas. In the legitimate advertising and marketing sense, link shorteners are typically used as a mechanism to track things like click-through rates on advertisements, or to reduce the likelihood that a complicated URL with parameterized arguments will get mangled when being shared.

However, link shorteners and link shortening services have also been used by threat actors (MITRE ATT&CK Technique T1608.005) to obscure the URLs of malicious landing pages, and Mandiant has observed threat actors using link shorteners to redirect victims during the initial access phase of an attack chain. Some recent examples include:

- A link shortener service used by UNC1189 (also known as “MuddyWater”) in spring of 2022 to funnel users to a phishing lure document hosted on a cloud storage provider.
- A set of SMS phishing campaigns orchestrated by a financially motivated threat actor between spring of 2021 and late 2022, which leveraged link shorteners to funnel users through a nested web of device, location, and browser checks to a set of forms that ultimately attempt to steal credit card information.
- A malvertising campaign in spring of 2023 that leveraged a link shortener to track click-through data for Dropbox URLs hosting malware payloads.
Rating ★★★
Sent Yes
Tags Malware Tool Vulnerability Threat Cloud
Stories


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.