Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 22 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Q2 2015 State of Infections Report Highlights ‘Click-Fraud’ as Entry Route for High Risk Ransomware

by The Gurus
June 26, 2015
in Editor's News
Share on FacebookShare on Twitter

Damballa, the experts in advanced threat protection and containment, today released its Q2 2015 State of Infections Report, highlighting how a device hi-jacked for the purpose of conducting ‘click-fraud’  can become a conduit for more serious malware such as ransomware.   The study cited an example of how a compromised device, originally exploited for the seemingly innocuous purpose of click fraud – a scam to defraud ‘pay-per-click’ advertisers –   became part of a chain of infections, which led within two hours to the introduction of the toxic ransomware CryptoWall –  the cyber equivalent of a ‘wolf in sheep’s clothing’.
The analysis highlights not only how a low-level threat can open the door for serious and more damaging infections, but also the importance of swiftly identifying malicious activity in order to minimize the likelihood of infection.

Lifecycle of an Infection

The findings come from analysis of RuthlessTreeMafia – click fraud malware introduced by the botnet Asprox.  In this incidence botnet-infected devices were used to generate fake clicks on ads, a practice which cheats advertisers out of millions of dollars and costs businesses some $6.3 billion* a year.
Once the device was under the command of the botnet, the RuthlessTreeMafia operators were able to sell access to the compromised device to other threat actors, who used downloaders to deliver the Rerdom and Rovnix Trojans, generating additional revenue for the criminal operators.
As the click-fraud infection chain continued, the device was infected with the CryptoWall ransomware, which encrypts the files on the host system in seconds, making it inaccessible to the user.  The click fraud activity continues as the device remained under criminal control, and the attacker continues to make money from control of the compromised device. Within two hours, the initial click fraud infection had escalated to subject the compromised device to three further click fraud infections as well as CryptoWall itself.
Commenting on the findings, Stephen Newman, CTO Damballa said, “As this report highlights, advanced malware can quickly mutate and it’s not just the initial infection vector that matters, it’s about understanding the chain of activity over time.  The intricacies of advanced infections mean that a seemingly low risk threat – in this case click fraud – can serve as the entry point for far more serious threats.”
He continues:  “The changing nature of these attacks, underscores the importance of being armed with advanced detection, to combat these more stealthy threats.  As infections can spread quickly through the network, security teams should take proactive measures to avoid becoming a cautionary click-fraud tale.”
The full report can be downloaded here: https://www.damballa.com/q2-2015-state-of-infections-report-highlights-click-fraud-as-entry-route-for-high-risk-ransomware/

FacebookTweetLinkedIn
Tags: Asproxclick fraudCryptowallCyber SecurityDamballainfosecRansomware
ShareTweetShare
Previous Post

Indiana town judge says attackers gained access to classified court records

Next Post

Interview with Ashley Stephenson, CEO at Corero Network Security, on DDoS Attacks

Recent News

security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023
Nominations are Open for 2023’s European Cybersecurity Blogger Awards

Nominations are Open for 2023’s European Cybersecurity Blogger Awards

March 20, 2023
TikTok to be banned from UK Government Phones

TikTok to be banned from UK Government Phones

March 17, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information