Users could be redirected to fake websites, risking financial fraud and theft of personal information, the agency says.
The FBI advised Americans to exercise caution when clicking on online advertisements, warning that cybercriminals were using traffic distribution systems to redirect clicks to fraudulent websites.
A traffic distribution system (TDS) is a network that routes internet traffic and acts as an intermediary between a link and the subsequent webpage. Malicious actors use TDSs to steer “internet traffic visitors to different destinations after users visit webpages, click advertisement links, sign up for promotions and discounts, or download an application,” the FBI said in a June 18 public service announcement alert.
“Cyber criminals use TDSs to selectively redirect users to compromised or fake login websites that can host phishing pages for online financial fraud or prompt users to download software updates containing malware.”
The criminals can employ various methods to drive users to a TDS network, including placing links in phishing emails and through search engine optimization positioning, which promotes fraudulent ad links that mimic authentic webpages. They can also hack into legitimate websites and edit their code to redirect visitors to a TDS.
When criminals gain access to victims’ data, such information “may be sold for a fee to other cyber criminals, including ransomware groups,” the agency stated.
The FBI said threat actors use traffic distribution systems to bypass traditional firewall systems that would otherwise block malicious websites.
Furthermore, traffic distribution systems collect IP addresses, locations, device information, browser details, and operating system information, which can then be used to filter targets. This allows criminals to display “safe content” to targets they deem undesirable, such as security researchers, thereby bypassing detection.
People should keep their software updated, harden login security, and install only third-party plugins from reputable developers, the agency said.
A March 19 report by security research company Insikt Group said that “[traffic distribution systems] continued to gain prominence” within criminal ecosystems last year. The group said it observed “sustained and widespread use” of traffic distribution systems.
“[The ability of traffic distribution systems] to deliver malicious payloads while evading detection made them a core component of modern cybercriminal operations,” the report said.
