The Unwinnable Match: Losing Even If Your Team Wins
2019 has been a big year for international sports with events such as the NBA finals, the Cricket World Cup, and FIFA’s Women’s World Cup (just to name a few) garnering massive viewing audiences around the world. So how does one stay current with these massive events if they don’t have the right cable package to watch them? Aside from going to a friend’s house or a bar, they search for a free viewing on the Internet.
At Awake, we have observed a recent spike in individuals streaming sports events while at work. In fact, more than half of our customers have had to deal with employees violating acceptable use policies to stream free content. What’s worse is that many of these instances have resulted in what is known as a drive-by download, where an adversary gains access to a system when a user visits a seemingly benign website that is in fact compromised and that downloads malicious code. With this technique, it is usually the user’s web browser that is targeted, either for exploitation or to install “man-in-the-browser” tools. There are often multiple malicious code snippets on the site, in the hope that one will work on the user’s system or browser. Another common technique redirects the victim from the initial site to a page that hosts malicious content. In this case, the malicious actor hopes that the user falls for the trap and visits one of the malicious links listed on the site.
Let’s take a look at an interesting example recently uncovered at a customer. Here we have a user who was browsing Reddit looking for a free stream of a soccer (football) match. It appears the user then found a site that they believed to be a safe environment to watch the match.
In this case, the quick detection enabled the customer to remediate the issue before a widespread infection. But this is a prime example of why user awareness and training are critical to decreasing the risk an organization faces. Additionally, when the inevitable does happen, a network traffic analysis tool that can identify behavioral threats acts as a powerful backstop.
- Domain the user was streaming from: f1livegp[.]net
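The redirect pattern described above can be hunted for in web proxy logs. This is an added example, not Awake's detection logic or code from the original post: it follows Referer links outward from the streaming domain and flags executable downloads reached through that chain. The record layout, the other hostnames, the content-type list and the 300-second window are all assumptions.

```python
from collections import namedtuple

# One proxy/flow log record; the field names are assumptions for this example.
Rec = namedtuple("Rec", "ts client host path referer ctype")

SEED_IOC = "f1livegp[.]net"  # domain from the post, still defanged
RISKY_TYPES = {"application/x-msdownload", "application/octet-stream",
               "application/java-archive"}  # assumed list of payload types

def refang(domain):
    """Turn a defanged indicator such as a[.]b into a matchable hostname."""
    return domain.replace("[.]", ".").lower()

def find_drive_by_chains(records, seed=SEED_IOC, window=300):
    """Return (client, host_chain, path) for risky downloads reached by
    following Referer links from the seed site within `window` seconds."""
    seed = refang(seed)
    tainted = {}   # client -> {host: (seed_visit_ts, chain_of_hosts)}
    alerts = []
    for r in sorted(records, key=lambda rec: rec.ts):
        hosts = tainted.setdefault(r.client, {})
        if r.host == seed or r.host.endswith("." + seed):
            hosts[r.host] = (r.ts, [r.host])             # (re)start a chain
        elif r.referer in hosts and r.ts - hosts[r.referer][0] <= window:
            start, chain = hosts[r.referer]
            hosts.setdefault(r.host, (start, chain + [r.host]))
        if (r.host in hosts and r.ctype in RISKY_TYPES
                and r.ts - hosts[r.host][0] <= window):
            alerts.append((r.client, hosts[r.host][1], r.path))
    return alerts

# Constructed sample records (not data from the incident in the post).
SAMPLE = [
    Rec(1000, "10.0.0.5", "www.reddit.com", "/", "", "text/html"),
    Rec(1010, "10.0.0.5", "f1livegp.net", "/", "www.reddit.com", "text/html"),
    Rec(1012, "10.0.0.5", "ads.example", "/r", "f1livegp.net", "text/html"),
    Rec(1013, "10.0.0.5", "landing.example", "/p", "ads.example", "text/html"),
    Rec(1015, "10.0.0.5", "landing.example", "/update.exe",
        "landing.example", "application/x-msdownload"),
    # Unrelated download by another client: must not be flagged.
    Rec(1020, "10.0.0.7", "vendor.example", "/tool.exe", "",
        "application/x-msdownload"),
]

if __name__ == "__main__":
    for client, chain, path in find_drive_by_chains(SAMPLE):
        print(f"{client}: {' -> '.join(chain)} served {path}")
```

Referer headers are often stripped or absent, so a miss here does not clear a host; the check is a triage aid for clients already seen contacting the domain.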
Lead Network Threat Hunter