Pub. 12 2022-2023 Issue 5

March • April 2023

Today, TA-505 has changed course and is utilizing SEO poisoning. Thankfully, SEI has a repository of its malicious “fingerprints” from the past: domains and registry infrastructure it has utilized that help us track its activity. Once we make the connection, we can write signatures against TA-505’s newest malicious tactics. Attacker OpSec failures leave them open to identification.

Protection against SEO attacks, in general, begins with good threat intelligence, blocking known websites and domains associated with these attacks. Beyond that, network tools like traffic decryption/inspection, intrusion detection/protection, and signature analysis can “see” the malicious download on its way in. If that fails and an endpoint agent is installed on that particular host, there’s a chance it will also see the threat. If both of these layers fail, hopefully the security program has the C2 signatures of that attack in its control set.

The attackers are iterating to maximize their opportunity set and minimize their investment using SEO poisoning. We are iterating with them. The game will never end.
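
An added example (not from the original article) of the first two layers described above: matching proxy traffic against threat-intelligence domains, then flagging search-referred downloads for deeper inspection. The log format, domain names, search-engine list and file-extension list are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data: every domain, address and log line below is invented.
BLOCKLIST = {"bad-downloads.example", "c2-node.example"}   # threat-intel feed
SEARCH_ENGINES = {"www.google.com", "www.bing.com", "duckduckgo.com"}
RISKY_EXT = (".exe", ".msi", ".iso", ".zip", ".js")         # assumed policy

# Hypothetical proxy log format: client, method, URL, referer=<url or ->
PROXY_LOG = """\
10.0.4.17 GET https://cdn.bad-downloads.example/tools/setup.msi referer=https://www.google.com/search?q=free+pdf+editor
10.0.4.22 GET https://docs.vendor.example/guide.pdf referer=https://www.bing.com/search?q=vendor+guide
10.0.4.31 GET https://mirror.unknown.example/viewer.zip referer=https://www.google.com/search?q=file+viewer
10.0.4.17 POST https://c2-node.example/gate referer=-
"""

def on_blocklist(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is listed (covers subdomains)."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def triage(line):
    """Return (client, host, verdict) for one proxy log line."""
    client, _method, url, ref = line.split(" ", 3)
    target = urlsplit(url)
    host = target.hostname or ""
    ref_host = urlsplit(ref.partition("=")[2]).hostname or ""
    # Layer 1: known-bad infrastructure from threat intelligence.
    if on_blocklist(host):
        return client, host, "block: known-bad domain"
    # Layer 2: a risky file type reached straight from a search result
    # is sent for content inspection rather than trusted.
    if ref_host in SEARCH_ENGINES and target.path.lower().endswith(RISKY_EXT):
        return client, host, "inspect: search-referred download"
    return client, host, "allow"

def triage_log(text):
    return [triage(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for row in triage_log(PROXY_LOG):
        print(*row, sep="\t")
```

The parent-domain match matters because a feed usually lists the registered domain while the download is served from a subdomain of it.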
