Eilmeldung
INTLNorway Reaches World Cup Quarter-Finals for First Time After Beating BrazilTRDüğünde Çıkan Kavgada Tüfekle Ateş Açıldı: 1 Ölü, 6 YaralıAUPogačar and Del Toro Secure One-Two Finish in Barcelona, Vingegaard Maintains Yellow JerseyKR국민의힘 장동혁, '입틀막법' 시행에 "이재명 독재 완성"CN国务院安委会办公室等六部门联合部署开展安全生产“打非治违”工作KR광주경찰청 전담팀 구성…검찰도 직접수사 검토KR한국문화예술위원회, '아시아 투 아시아' 공개포럼 개최ESMéxico e Inglaterra pelean por un lugar en octavos de finalKR정상혁 행장 "더 많은 고객에 다가가 더 나은 설루션 제공"CN交通部觀光署推「搭好行 尋好康」暑期優惠活動 暢遊嘉義大阿里山INTLNorway Reaches World Cup Quarter-Finals for First Time After Beating BrazilTRDüğünde Çıkan Kavgada Tüfekle Ateş Açıldı: 1 Ölü, 6 YaralıAUPogačar and Del Toro Secure One-Two Finish in Barcelona, Vingegaard Maintains Yellow JerseyKR국민의힘 장동혁, '입틀막법' 시행에 "이재명 독재 완성"CN国务院安委会办公室等六部门联合部署开展安全生产“打非治违”工作KR광주경찰청 전담팀 구성…검찰도 직접수사 검토KR한국문화예술위원회, '아시아 투 아시아' 공개포럼 개최ESMéxico e Inglaterra pelean por un lugar en octavos de finalKR정상혁 행장 "더 많은 고객에 다가가 더 나은 설루션 제공"CN交通部觀光署推「搭好行 尋好康」暑期優惠活動 暢遊嘉義大阿里山
Newsgather
BackFBI Warns of Growing Cyber Threat Using Malicious Traffic Distribution Systems
FBI Warns of Growing Cyber Threat Using Malicious Traffic Distribution Systems
In Entwicklung
Times of India19.06.2026Technik4 dk okumaIndia

FBI Warns of Growing Cyber Threat Using Malicious Traffic Distribution Systems

Auf einen Blick

  • The FBI has issued a public advisory about a rising cyber threat involving malicious traffic distribution systems (TDSs).
  • These systems redirect users to scam websites, phishing pages, and malware downloads, bypassing firewalls and stealing sensitive information.

KI-generierte Zusammenfassung

Warum es wichtig ist

Cyber criminals are increasingly using malicious traffic distribution systems (TDSs) to redirect internet users to fraudulent websites, phishing pages, and malware downloads, posing a significant threat to personal and financial information.

Schriftgröße

The FBI has warned Americans about a growing cyber threat that uses fraudulent websites and fake login pages to steal money, passwords and personal information. In a new public advisory, the agency said cyber criminals are using malicious traffic distribution systems (TDSs) to secretly redirect internet users to scam websites, phishing pages and malware downloads. The FBI said these systems can also help attackers bypass traditional firewall protections and gain access to victim networks. According to the agency, criminals often lure users through fake advertisements, phishing emails and compromised websites that appear legitimate at first glance.

How a malicious traffic distribution system works

Initiation of Redirection Cyber criminals use a variety of methods to drive users to a TDS, including social engineering techniques, such as links included in phishing emails, search engine optimization poisoning that promotes fraudulent advertisement links that mimic legitimate ones, or the compromise of legitimate websites through changes to the website code. Legitimate websites are vulnerable to cyber criminal compromise when using insecure passwords or outdated website themes and plugins. Cyber criminals obtain unauthorized access to websites by brute forcing weak administrative passwords or leveraging exploits for outdated website plugins. After obtaining administrative access to legitimate websites, cyber criminals edit the website’s code, which redirects website visitors to a malicious TDS. Redirection Bypasses Firewall4 Cyber criminals often use TDS to bypass traditional firewall rules that would otherwise block connections to malicious websites. The TDS uses a complex chain of intermediate nodes to hide the final malicious destination, making it difficult to trace and block. Filtering Website Visitors Cyber criminals use TDS to analyze potential victims to target by collecting their IP address, operating system, location, device, and browser information. Based on the collected information, a malicious TDS can determine if a payload is effective and filter traffic accordingly. A cyber criminal can use a TDS to identify users in regions they are not targeting, allowing them to avoid detection by displaying safe content to undesired targets, including security researchers. Cyber Criminal Exploitation of Users Cyber criminals can exploit website visitor devices at the end of the TDS redirection chain by delivering phishing pages, financial scams, and other malware. Cyber criminals sometimes use a TDS to gain access to a victim’s network, often through malware distribution. Access to victim accounts obtained via network access may be sold for a fee to other cyber criminals, including ransomware groups.

Tips to protect yourself

The FBI recommends individuals take the following precautions to protect themselves from being targeted by a malicious TDS:

Exercise caution when clicking on advertisements Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious URL may be similar to a legitimate URL or a subdomain of a legitimate domain.

Keep Software Updated Regularly update website software plugins and themes to patch known vulnerabilities. Enable automatic updates for minor releases and plugins.

Use Security Plugins & Firewalls Install reputable plugins that provide a Web Application Firewall (WAF) to block malicious traffic.

Harden Login Security Enforce strong passwords for all users, implement Two-Factor Authentication (2FA), and limit login attempts to prevent brute-force attacks.

Avoid Unverified Developers Only install third-party plugins and themes from reputable, verified developers and official repositories.

The FBI recommends businesses take the following precautions to protect themselves from malicious TDS:

Change Default File Associations Consider changing the default file associations for js files so users cannot execute malicious js payloads delivered through malicious TDS.

Monitor Endpoints Monitor endpoints for suspicious execution of wscript.exe, cscript.exe and PowerShell scripts invoking web requests for suspicious files, specifically js, ps1, or svg files.

User Training and Awareness Combat phishing and social engineering tactics through user training and awareness.

Audit and Patch Web Hosting Administration Frequently audit Content Management System (CMS) admin, database, File Transfer Protocol (FTP) and web hosting accounts, use strong, unique passwords. Patch all CMS and third-party components.

Offene Fragen

  • What specific TDS variants are currently most prevalent?
  • How effective are current defenses against advanced TDS techniques?
  • What is the estimated financial loss attributed to TDS attacks?

Verwandte Themen

This article was originally published by Times of India.

Ähnliche Meldungen

Mehr zu diesem ThemaFBI