The DCA report provides strong evidence that content theft sites are bad online neighborhoods you don’t want employees visiting. Content thieves and those who develop and push malware have joined efforts to earn more profits from traffic to content theft sites.
In the study, our researchers probed 800 sites and found visitors were 28X more likely to get infected with malware when visiting content theft sites than when visiting sites from a control group of non-content theft sites with comparable traffic levels. Pages 3-5 of the report discuss the research methodology in more detail.
Of the total infections, 45% were drive-by downloads. In total, the malware was estimated to infect around 12 million consumers.
Researchers posed as cyber thieves and entered the Dark Web to gather qualitative evidence on the connection between content theft sites and malware distributors. They found malware distributors were using a similar form of the affiliate model used in ad delivery to spread malware.
Payments were offered on a PPI (pay per install of malware) basis as well as through the standard ‘pay per click’ or ‘pay per action’ payouts. Pages 19-23 of the report discuss the findings in more detail.
The data RiskIQ collected corroborates the findings. Out of the entire sample of content theft sites, the infection rate was 8%, contrasted with a 0.3% infection rate from the control sites. Twenty of the content theft sites had a whopping 75% infection rate.
Content theft sites are bad neighborhoods you want anyone touching your network to avoid. Of course, you can’t control where they go once they are outside of your network, which makes this a tricky outside-the-firewall problem.
Because security isn’t strong in the ad ecosystem, malicious digital ads can easily find their way onto websites. To ensure that difficult-to-detect cyber threat vectors like malvertising aren’t turning your company’s digital footprint (web, mobile, and social assets) into a bad neighborhood, it’s important to discover, index, and monitor Internet assets from the outside in.