What is VexTrio, and why are Australia and APAC in its sights?
VexTrio, a malicious web traffic broker targeting business and consumer internet users, has been active for over six years. Infoblox estimates the value of the VexTrio threat to be $10 trillion USD in 2023, with a projected increase to $25 trillion USD by 2025. VexTrio operates as a traffic distribution system, passing users through its affiliate network to other criminal entities for malware and phishing attacks.
VexTrio wants APAC and Australian business and consumer internet users
VexTrio targets internet users in APAC, Australia, and New Zealand indiscriminately, with no preference for particular regions. It operates in 32 languages, and complaints from the region have been rising, with Japan a significant source. VexTrio reaches its victims primarily by compromising websites vulnerable to attack, such as those running WordPress.
Opening a limited window onto the operations of global cybercrime
The revelation of VexTrio sheds light on the global cybercrime ecosystem. Cybercriminals engage in a larger criminal economy by buying and selling goods and services, forming strategic partnerships to extend their operations. Despite being a known threat, VexTrio’s identity and location remain a mystery.
What are the common signs of a VexTrio attack on a business?
VexTrio and its affiliates commonly use a “drive-by compromise” method to target businesses. Compromised websites redirect users to malicious infrastructure, collecting information like IP addresses. Employees may encounter compromised websites through search results, leading to further attacks like spear phishing emails and unauthorized browser control.
What can APAC IT pros do to protect themselves from VexTrio?
Infoblox recommends focusing on disrupting middlemen like VexTrio rather than endpoint malware or phishing pages. Protective DNS services can analyze and mitigate threats at the DNS level, enhancing network security. By implementing protective DNS mechanisms, IT professionals in APAC can prevent access to malicious domains and block threats at the middle layer.
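The two ideas above, a compromised site that redirects a victim through broker infrastructure and a protective DNS layer that refuses to resolve the broker's domains, can be illustrated with a small resolver-log policy check. The script below is an added example written for this article; it is not Infoblox code and does not reflect any real VexTrio indicator. Every domain and log line in it is constructed (the `.invalid` names are placeholders, not IoCs), and the `BLOCKLIST` and `KNOWN_GOOD` sets stand in for whatever threat intelligence feed and allowlist an organisation actually uses. It does two things: applies an RPZ-style block decision (a name is blocked if it or any parent domain is listed), and flags a client that resolves several unfamiliar domains in quick succession, which is the shape a redirect chain leaves in resolver logs.

```python
"""Protective-DNS style policy check over resolver query logs.

Added illustration for the VexTrio article; not Infoblox code.
All domains and log lines below are constructed placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed blocklist standing in for a threat-intel feed of broker domains.
BLOCKLIST = {"tds-example.invalid", "landing-example.invalid"}

# Constructed allowlist of domains the organisation already trusts.
KNOWN_GOOD = {"example-shop.com", "example-corp.com"}

# Constructed resolver log: ISO timestamp, client IP, queried name.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 www.example-shop.com
2024-03-01T09:00:01 10.0.0.5 cdn.tds-example.invalid
2024-03-01T09:00:02 10.0.0.5 landing-example.invalid
2024-03-01T09:00:03 10.0.0.5 fake-update.invalid
2024-03-01T09:05:00 10.0.0.9 mail.example-corp.com
"""


@dataclass
class QueryRecord:
    ts: datetime
    client: str
    qname: str


def parse_log(text):
    """Parse the constructed three-column log format into QueryRecord objects."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        # Normalise: lower-case and drop a trailing dot so matching is consistent.
        records.append(QueryRecord(datetime.fromisoformat(ts), client, qname.lower().rstrip(".")))
    return records


def matches_suffix_set(qname, domains):
    """True if qname, or any parent domain of it, is in `domains` (RPZ-style match)."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def is_blocked(qname, blocklist=BLOCKLIST):
    """Block decision for a single query name."""
    return matches_suffix_set(qname, blocklist)


def apply_policy(records, blocklist=BLOCKLIST):
    """Split queries into those the resolver would answer and those it would refuse."""
    result = {"allowed": [], "blocked": []}
    for r in records:
        result["blocked" if is_blocked(r.qname, blocklist) else "allowed"].append(r.qname)
    return result


def find_redirect_chains(records, window_seconds=5, min_hops=3, known_good=KNOWN_GOOD):
    """Flag clients that resolve >= min_hops distinct unfamiliar domains within a short window.

    A victim bounced through a traffic broker typically resolves a chain of
    previously unseen names within a few seconds; this heuristic surfaces that
    pattern even when none of the names is on the blocklist yet.
    """
    by_client = defaultdict(list)
    for r in records:
        if not matches_suffix_set(r.qname, known_good):
            by_client[r.client].append(r)

    flagged = {}
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r.ts)
        for i, start in enumerate(recs):
            seen, chain = set(), []
            for r in recs[i:]:
                if (r.ts - start.ts).total_seconds() > window_seconds:
                    break
                if r.qname not in seen:
                    seen.add(r.qname)
                    chain.append(r.qname)
            if len(chain) >= min_hops:
                flagged[client] = chain
                break
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("policy:", apply_policy(recs))
    print("suspected redirect chains:", find_redirect_chains(recs))
```

The blocklist match is what a protective DNS service does at scale; the chain heuristic is the kind of secondary signal a SOC can run over its own resolver logs to catch a broker domain before it is listed. Tune `window_seconds` and `min_hops` against baseline traffic before alerting on it, since CDN-heavy sites can legitimately fan out to several new names on first load.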