Express Computer

Cyber Threat Report by Infoblox

Sponsored By: Infoblox
Published on: Nov 28, 2022

For some time, the Infoblox Threat Intelligence Group has been tracking a malvertising network (the “Omnatuor Malvertising Network”) that not only abuses push notifications, pop-ups, and redirects within a browser but also continues to serve ads even after the user navigates away from the initial page. Omnatuor has been dismissed by the security community as adware, a label that implies the activity is largely a nuisance. This naive response underestimates the threat posed by malvertising in general, and by the Omnatuor actor in particular. In addition to its ability to persist, the network delivers dangerous content.

Infoblox has discovered and begun tracking multiple malvertising networks with a very broad reach into the consumer environment. They obtain this reach by locating and compromising massive numbers of web pages across the Internet and then relying on the tendency of users to click the accept buttons on pop-ups without carefully examining the notifications. We recently published an in-depth report about one of these actors and its network, which we call VexTrio.

The Omnatuor actor, like the VexTrio actor, takes advantage of WordPress vulnerabilities and is effective at spreading riskware, spyware, and adware. Also like the VexTrio actor, the Omnatuor actor uses an extensive infrastructure and has a broad reach into networks across the globe. We found over 9,900 domains and 170 IP addresses related to the original “seed” domain, omnatuor[.]com. Unlike the VexTrio actor, the Omnatuor actor uses a clever technique to achieve persistence across a user’s browsing patterns.

This report provides detailed information about the actor’s techniques, tactics, and procedures (TTPs). We detail the infrastructure, scope of activity, attack chain, preventative measures and remediation and, finally, indicators of compromise (IOCs). We have included a sample of these IOCs at the end of this report; for the complete list, see our GitHub repository. Watch this podcast episode of ThreatTalk to learn more about the Omnatuor network, phishing and malvertising.
