Content Delivery Networks Offer More Bandwidth, but Can Hide Malware
Security research firm ESET found that content delivery networks (CDNs) offer more than just ways to optimize bandwidth: They can also be a source of malware.
ESET observed several techniques being combined as the basis for a new kind of attack, including remote scripts and command-and-control (C&C) communication, We Live Security reported.
The framework has enough functionality to fetch various modules from the C&C server and execute each one individually. In one example of this technique, Facebook's content delivery network was used to load a banking Trojan that worked only against Brazilian banks.
Content delivery networks present a number of problems for malware detection alongside their intended use. For example, the IP address of such a network is virtually unblockable even when it is delivering malware: blocking the IP will not work, because the same address also serves a flood of legitimate, uncompromised content. Additionally, finding appropriate IoCs may be hard due to the high volume of traffic originating from such a site.
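To make the detection problem concrete, here is an added example (not code from ESET or We Live Security) that runs over constructed proxy log lines. It scores CDN-hosted objects by indicators that do not depend on the CDN's IP address: a known-bad content hash, an executable content type served from a static-asset host, and rarity (an object fetched by a single client on a host that serves many). A second function counts how much legitimate traffic an IP block would have cut, which is the page's point about why blocking the address fails. The log format, hostnames, IP addresses, hashes and thresholds are all assumptions made for the illustration.

```python
"""Flag CDN-hosted malware delivery in proxy logs without blocking the CDN IP.

Added example, not ESET's or We Live Security's code. The log format, hosts,
IPs, hashes (truncated to 8 hex chars) and thresholds are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed log lines: ts client dst_ip host path status content-type bytes sha256
SAMPLE_LOG = """\
# ts client dst_ip host path status content-type bytes sha256(truncated)
1700000001 10.0.0.5 203.0.113.10 cdn.example-cdn.net /static/app.js 200 application/javascript 48213 0a0a0a0a
1700000002 10.0.0.6 203.0.113.10 cdn.example-cdn.net /static/app.js 200 application/javascript 48213 0a0a0a0a
1700000003 10.0.0.7 203.0.113.10 cdn.example-cdn.net /img/logo.png 200 image/png 9123 1b1b1b1b
1700000004 10.0.0.8 203.0.113.10 cdn.example-cdn.net /img/logo.png 200 image/png 9123 1b1b1b1b
1700000005 10.0.0.9 203.0.113.10 cdn.example-cdn.net /static/app.js 200 application/javascript 48213 0a0a0a0a
1700000006 10.0.0.21 203.0.113.10 cdn.example-cdn.net /img/8f3a.png 200 image/png 612352 deadbeef
1700000007 10.0.0.21 203.0.113.10 cdn.example-cdn.net /v/mod_banking.bin 200 application/octet-stream 211000 c0ffee00
1700000008 10.0.0.22 203.0.113.10 cdn.example-cdn.net /static/app.js 200 application/javascript 48213 0a0a0a0a
"""

# Constructed IoC: a content hash, which survives even when the IP is unblockable.
KNOWN_BAD_HASHES = {"c0ffee00"}

# Content types a static-asset CDN host would not normally serve (assumed list).
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-dosexec"}

# An object fetched by one client on a host seen by at least this many clients is "rare".
RARE_HOST_MIN_CLIENTS = 5

LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<client>\S+) (?P<dst_ip>\S+) (?P<host>\S+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<ctype>\S+) (?P<size>\d+) (?P<sha256>[0-9a-f]{8,64})$"
)


@dataclass(frozen=True)
class Entry:
    ts: int
    client: str
    dst_ip: str
    host: str
    path: str
    status: int
    ctype: str
    size: int
    sha256: str


def parse_log(text):
    """Parse the constructed log format; malformed and comment lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        entries.append(Entry(int(d["ts"]), d["client"], d["dst_ip"], d["host"], d["path"],
                             int(d["status"]), d["ctype"], int(d["size"]), d["sha256"]))
    return entries


def detect(entries, bad_hashes):
    """Return {host+path: sorted reasons} for CDN objects worth investigating."""
    clients_by_url = defaultdict(set)
    clients_by_host = defaultdict(set)
    for e in entries:
        clients_by_url[e.host + e.path].add(e.client)
        clients_by_host[e.host].add(e.client)

    alerts = defaultdict(set)
    for e in entries:
        url = e.host + e.path
        if e.sha256 in bad_hashes:
            alerts[url].add("known_bad_hash")
        if e.ctype in EXEC_TYPES:
            alerts[url].add("executable_content_type")
        # Rarity: popular CDN host, but this object was pulled by a single client.
        if len(clients_by_url[url]) == 1 and len(clients_by_host[e.host]) >= RARE_HOST_MIN_CLIENTS:
            alerts[url].add("rare_object")
    return {u: sorted(r) for u, r in alerts.items()}


def ip_block_collateral(entries, dst_ip, flagged_urls):
    """Count requests to dst_ip that were NOT flagged: legitimate traffic an IP block would cut."""
    return sum(1 for e in entries if e.dst_ip == dst_ip and e.host + e.path not in flagged_urls)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    found = detect(parsed, KNOWN_BAD_HASHES)
    for url, reasons in found.items():
        print(f"ALERT {url}: {', '.join(reasons)}")
    print("legitimate requests an IP block would break:",
          ip_block_collateral(parsed, "203.0.113.10", set(found)))
```

Run as-is and the two flagged objects are reported by URL and hash, while the other six requests to the same CDN address are left alone; blocking 203.0.113.10 outright would have cut all of those. In production the same three indicators map onto proxy or EDR telemetry, with full SHA-256 values and a per-host client count taken from a longer baseline window than the handful of lines here.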
Like fileless malware, this kind of security challenge requires different methods both to detect it and to mitigate it. However, the advice not to click on unknown links or documents remains as apt as ever.