Your Untrusted List can quickly grow depending on how many third-party resources you use. Tools such as live chat, marketing and performance tools are all essential for business development, but they load additional resources such as JavaScript files and images. With tools such as Google Tag Manager, multiple team members in your organisation can add and update third-party tools on your website any time they wish, all of which will show up on your Untrusted List.
What to consider
One of the first things to consider before trusting a host is whether you know which company and tool it belongs to. For example, if your company installed a new live chat tool from Zendesk, you’d expect to see a Zendesk host show up in your untrusted hosts.
Basic host checks
Hackers can be very clever in naming the hosts used in attacks. At the very minimum, the following should be checked and considered:
- Is the domain spelled correctly? A common trick is to send data to a host with subtly different spelling, e.g. google-analyitics.com, which has an extra “i” in it.
- Who is the domain registrant? View details on whois.com to see who registered the domain name for this host. Is it an individual or a legitimate company?
- When was the domain registered? Was it registered within the last few weeks?
- Do you know why data is being sent to the host?
- Do you know what data is being sent to the host?
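The spelling check in the list above can be automated by comparing each untrusted host against the vendor domains you expect to see. This is an added example, not code from the product this page describes; the known-domain list, the sample hosts and the function names are constructed assumptions, and the last-two-labels rule stands in for a proper Public Suffix List lookup.

```python
# Constructed sample: vendor domains the team knowingly uses (assumption).
KNOWN_DOMAINS = ["google-analytics.com", "googletagmanager.com", "zendesk.com"]

# Constructed sample: hosts as they might appear on an untrusted list.
SAMPLE_HOSTS = [
    "www.google-analyitics.com",   # the misspelling used as the example above
    "static.zendesk.com",
    "zendesk.co",
    "cdn.example-widgets.net",
]

def registrable(host):
    """Naive registrable domain: the last two labels of the host name.
    Simplification: multi-label suffixes such as co.uk need the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(host, known=KNOWN_DOMAINS, max_distance=2):
    """Return ("known", domain), ("lookalike", nearest_known) or ("unknown", None)."""
    domain = registrable(host)
    if domain in known:
        return ("known", domain)
    nearest = min(known, key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)   # near miss of an expected vendor: review first
    return ("unknown", None)

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:30} {classify(h)}")
```

A "known" result only answers the spelling question; the registrant, registration date and data-flow checks in the list still apply to every host.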
What if a trusted host gets hacked?
If a trusted host gets hacked, it’s likely that the hacker will exfiltrate the stolen data through another host. This host will then show up in the Untrusted Host list as a new host. Following the basic host checks above, it should be apparent that the new host is malicious. It’s unlikely that the hacker would send the stolen data back to the original (trusted) host, as it would require greater privileges to access the stored data and create more noise, increasing the chance of detection. Ultimately, it is down to the third-party provider that you are paying for a service to be secure and to ensure they have not been compromised in this way.