New ISACA guidance to help fight JavaScript redirection attacks

News by Roi Perez

New ISACA guidance will help cyber-security professionals identify a form of attack that helps hackers by utilising JavaScript code to redirect users to advertisements that generate revenue for the hacker.

The white paper, “Incident Response: Obfuscated JavaScript and Evil Adware Recognition,” analyses a web server malware sample from VirusShare.com to describe a real-world attack that compromises a website content management system (CMS) with JavaScript code. The attack analysis pinpoints traits associated with redirection attacks.

The whitepaper also includes figures highlighting network traffic captures, requests for JavaScript files, embedded redirect code and other elements associated with the attack.

The guidance examines how analysis of network traffic captures helped an organisation identify exploitation vectors. Malware analysts identified a variety of web requests to download and execute malicious JavaScript. Understanding that the malicious code and redirection to nefarious servers are indicators of web-server exploitation aiding the analysts in recognising characteristics of the attack, and can be useful in web-server evaluations.

“While cyber-attacks resulting in the theft of personal or financial information are well-documented, nefarious actors also are capable of more subtle attempts in pursuit of financial gains,” said Christos Dimitriadis, chair of ISACA's Board of Directors and group director of Information Security for INTRALOT.

Dimitriadis added: “This guidance will allow cyber-professionals and their organisations to be more vigilant in guarding against attacks on CMS JavaScript code.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events