The FBI Warns of Malicious Traffic Distribution Systems being increasingly used by cybercriminals to redirect internet users to phishing pages, malware downloads, ransomware attacks, and online financial scams. In a newly released Public Service Announcement (PSA), the Federal Bureau of Investigation cautioned that cybercriminals are leveraging Traffic Distribution Systems (TDS) to gain access to victim networks while evading traditional security controls.
According to the FBI, TDS technology is designed to route internet traffic to different destinations after users visit websites, click advertisements, download applications, or engage with online promotions. While the technology itself has legitimate uses, cybercriminals are exploiting it to selectively redirect users to compromised websites and fraudulent login pages.
FBI Warns of Malicious Traffic Distribution Systems Used in Cyber Attacks
As the FBI Warns of Malicious Traffic Distribution Systems, the agency explained that cybercriminals often drive victims to a malicious TDS through various methods, including Social Engineering, phishing emails, malicious advertisements, and compromised websites.
One common technique involves Search Engine Optimization (SEO) Poisoning, where fraudulent advertisements are designed to imitate legitimate websites. Users who click these links may unknowingly enter a redirection chain controlled by threat actors.
Cybercriminals also compromise legitimate websites by exploiting weak passwords, outdated plugins, and vulnerable website themes. Once administrative access is obtained, attackers can modify website code to automatically redirect visitors to a malicious TDS infrastructure.
How Traffic Distribution Systems Help Evade Detection
According to the FBI, Traffic Distribution Systems (TDS) can bypass traditional firewall protections that would normally block access to malicious websites.
The system uses multiple intermediate nodes before directing users to the final destination, making it more difficult for defenders to identify and block malicious activity.
In addition to hiding malicious infrastructure, attackers use TDS platforms to gather information about visitors. Data collected may include:
- IP address
- Operating system
- Geographic location
- Device information
- Browser details
The FBI noted that this information allows attackers to determine whether a victim is a suitable target. It also enables cybercriminals to avoid detection by presenting harmless content to users they are not interested in targeting, including security researchers and analysts.
Phishing, Malware, and Ransomware Risks
The FBI warned that users reaching the end of a malicious redirection chain may encounter Phishing Pages, financial fraud schemes, or malware downloads.
In some cases, attackers use malware delivered through a TDS to gain access to victim networks. The agency stated that compromised accounts and network access obtained through these methods may later be sold to other criminal groups, including Ransomware operators.
The PSA highlights how a single visit to a compromised website or malicious advertisement can ultimately lead to broader cybersecurity incidents.
FBI Shares Protection Measures
To reduce the risk of compromise, the FBI advised individuals to verify website URLs before clicking advertisements or promotional links. The agency also recommended keeping software, website plugins, and themes updated to address known vulnerabilities.
Additional recommendations include:
- Using strong passwords
- Enabling Two-Factor Authentication (2FA)
- Installing reputable security plugins and web application firewalls
- Downloading software only from trusted developers
For businesses, the FBI recommended monitoring endpoints for suspicious activity involving JavaScript, PowerShell, and script execution tools. Organizations are also encouraged to strengthen phishing awareness training, regularly audit website administration accounts, and patch content management systems and third-party components.
FBI Urges Victims to Report Incidents
The FBI encouraged individuals and organizations that believe they have been affected by activity linked to malicious TDS infrastructure to report the incident through the Internet Crime Complaint Center (IC3) and contact their local FBI field office.
The agency emphasized that cybercriminals continue to evolve their techniques for delivering malware and conducting online fraud, making vigilance and proactive cybersecurity measures essential for both individuals and businesses.
