Beware: Malvertising Campaign Hits Nearly a Million Devices



Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world.

The campaign, which began on illegal streaming sites, impacted both consumer and enterprise devices across a wide range of industries.

“Analysis of the redirector chain determined the attack likely originated from illegal streaming websites where users can watch pirated videos,” Microsoft says.

“The streaming websites embedded malvertising redirectors within movie frames to generate pay-per-view or pay-per-click revenue from malvertising platforms. These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub.”

The malicious ads took users to a site that roped them into a tech support scam designed to trick them into installing malware. In most cases, the malware was delivered via GitHub, although Microsoft also observed instances in which the attackers used Dropbox or Discord.

“The GitHub repositories, which were taken down, stored malware used to deploy additional malicious files and scripts,” Microsoft says. “Once the initial malware from GitHub gained a foothold on the device, the additional files deployed had a modular and multi-stage approach to payload delivery, execution, and persistence. The files were used to collect system information and to set up further malware and scripts to exfiltrate documents and data from the compromised host.”
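As an added example (not from Microsoft's report or from this post), the redirect pattern described above can be hunted in web proxy logs: the Python below links 3xx `Location` hops per client and flags chains that cross three or more distinct hosts before landing on GitHub, Dropbox or Discord. The log schema, the hostnames, the threshold and every sample record are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: download hosts for the platforms the article names.
HOSTING = ("github.com", "githubusercontent.com", "dropbox.com", "discordapp.com")

# Constructed sample proxy records: (client, url, status, Location header or None).
PAYLOAD = "https://github.com/placeholder-user/placeholder-repo/releases/download/v1/setup.exe"
SAMPLE_LOG = [
    ("10.0.0.5", "https://stream.example/watch/123", 200, None),
    ("10.0.0.5", "https://ads-a.example/r?id=1", 302, "https://ads-b.example/go"),
    ("10.0.0.5", "https://ads-b.example/go", 302, "https://scam.example/alert"),
    ("10.0.0.5", "https://scam.example/alert", 302, PAYLOAD),
    ("10.0.0.5", PAYLOAD, 200, None),
    ("10.0.0.9", "https://short.example/x", 301, "https://github.com/org/tool"),
    ("10.0.0.9", "https://github.com/org/tool", 200, None),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def is_hosting(url):
    h = host(url)
    return any(h == d or h.endswith("." + d) for d in HOSTING)

def redirect_chains(records):
    """Yield (client, [url, ...]) for each run of requests linked by 3xx Location."""
    by_client = {}
    for client, url, status, location in records:
        by_client.setdefault(client, []).append((url, status, location))
    for client, reqs in by_client.items():
        nxt = {u: loc for u, st, loc in reqs if loc and 300 <= st < 400}
        targets = set(nxt.values())
        for url, _, _ in reqs:
            if url in targets:
                continue  # reached via a redirect, so not the start of a chain
            chain = [url]
            while chain[-1] in nxt and nxt[chain[-1]] not in chain:  # stop on loops
                chain.append(nxt[chain[-1]])
            yield client, chain

def suspicious_chains(records, min_hosts=3):
    """Flag chains that cross >= min_hosts distinct hosts, none of them a
    hosting platform, before ending on a hosting-platform URL."""
    hits = []
    for client, chain in redirect_chains(records):
        hops = list(dict.fromkeys(host(u) for u in chain[:-1]))
        if is_hosting(chain[-1]) and len(hops) >= min_hosts and not any(map(is_hosting, chain[:-1])):
            hits.append((client, hops, chain[-1]))
    return hits
```

Hops made with JavaScript or meta refresh do not show up as 3xx responses, so real proxy data would also need `Referer` linkage to rebuild the full chain.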

Microsoft recommends that users follow security best practices, including implementing multi-factor authentication, to thwart these types of attacks.

“Require multi-factor authentication (MFA). While certain attacks such as adversary-in-the-middle (AiTM) phishing attempt to circumvent MFA, implementation of MFA remains an essential pillar in identity security and is highly effective at stopping a variety of threats,” the researchers write.

New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Microsoft has the story.


12+ Ways to Hack Multi-Factor Authentication eBook

All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks. 

You will learn more about:

  • Two-factor authentication basics
  • How to hack two-factor authentication
  • How to best protect your organization from cybercriminals

Get the eBook

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/12-way-to-hack-two-factor-authentication


