Unmasking the Tricksters: The World of Fake Browser Updates
Oct 31, 2023 ·
31m 41s
Download and listen anywhere
Download your favorite episodes and enjoy them, wherever you are! Sign up or log in now to access offline listening.
Description
How can you tell when a website (yes, a website) is compromised? These threats are pretty crafty because they aren't out to target specific individuals; they just wait for folks...
show more
How can you tell when a website (yes, a website) is compromised? These threats are pretty crafty because they aren't out to target specific individuals; they just wait for folks like you and me to innocently click on compromised websites during our regular browsing.
But these threats don't stop at casual browsing. They sneak into emails, social media, search engines, and even web alerts. They're like chameleons, adapting to different situations.
Our guest today is Dusty Miller, a Threat Detection Analyst at Proofpoint. He identifies four key groups: SocGholish, RogueRaticate/FakeSG, ZPHP/SmartApeSG, and ClearFake. Each has its own style and tricks, but they all love using that tempting fake browser update ruse.
These threats work because they exploit our trust in websites we've visited before. Users tend to trust websites they've visited before, making them more susceptible to clicking on fake browser update prompts.
Responding to these threats isn't a walk in the park for defenders. To tackle them effectively, you need to pinpoint which specific threat you're dealing with and respond accordingly. It's like playing a game with multiple rulebooks; you've got to know which one you're up against.
TIMESTAMPS
[1:45] Fake Browser Opportunities
[5:00] Threat Actors Using Malware
[9:00] Browser Malware Clusters & Tactics
[18:00] Combating Fake Updates
[19:00] Naming New Malware
[28:00] Why These Threats
Resources mentioned:
Dr. Bob Hausmann Episode
“Are You Sure Your Browser is Up to Date?...” by Dusty Miller
For more information, check out our website.
show less
But these threats don't stop at casual browsing. They sneak into emails, social media, search engines, and even web alerts. They're like chameleons, adapting to different situations.
Our guest today is Dusty Miller, a Threat Detection Analyst at Proofpoint. He identifies four key groups: SocGholish, RogueRaticate/FakeSG, ZPHP/SmartApeSG, and ClearFake. Each has its own style and tricks, but they all love using that tempting fake browser update ruse.
These threats work because they exploit our trust in websites we've visited before. Users tend to trust websites they've visited before, making them more susceptible to clicking on fake browser update prompts.
Responding to these threats isn't a walk in the park for defenders. To tackle them effectively, you need to pinpoint which specific threat you're dealing with and respond accordingly. It's like playing a game with multiple rulebooks; you've got to know which one you're up against.
TIMESTAMPS
[1:45] Fake Browser Opportunities
[5:00] Threat Actors Using Malware
[9:00] Browser Malware Clusters & Tactics
[18:00] Combating Fake Updates
[19:00] Naming New Malware
[28:00] Why These Threats
Resources mentioned:
Dr. Bob Hausmann Episode
“Are You Sure Your Browser is Up to Date?...” by Dusty Miller
For more information, check out our website.
Information
Author | Proofpoint |
Organization | Mindy |
Website | - |
Tags |
-
|
Copyright 2024 - Spreaker Inc. an iHeartMedia Company