DOCSLIB.ORG

Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites Sumayah Alrwais1,2, Kan Yuan1, Eihal Alowaisheq1,2, Xiaojing Liao3, Alina Oprea4, XiaoFeng Wang1 and Zhou Li5 1 Indiana University at Bloomington, {salrwais, kanyuan, ealowais, xw7}@indiana.edu 2King Saud University, Riyadh, Saudi Arabia, {salrwais, ealowaisheq}@ksu.edu.sa 3Georgia Institute of Technology, [email protected] 4Northeastern University, [email protected] 5RSA Laboratories, [email protected] ABSTRACT as you always did in countless prior visits. This time, however, the Unlike a random, run-of-the-mill website infection, in a strategic menu stealthily drops a piece of malware on your office computer, web attack, the adversary carefully chooses the target frequently which later silently collects your personal and business information visited by an organization or a group of individuals to compro- and further propagates across your company’s internal network. It mise, for the purpose of gaining a step closer to the organization turns out that the malware was actually strategically planted there or collecting information from the group. This type of attacks, for the purpose of infiltrating your company, due to the popularity called “watering hole”, have been increasingly utilized by APT ac- of the restaurant among the company’s employees. This is an exam- tors to get into the internal networks of big companies and gov- ple of targeted infiltrations, which aim at one specific organization, ernment agencies or monitor politically oriented groups. With its population group or industry of high value. They are the first step importance, little has been done so far to understand how the attack of an Advanced Persistent Threat (APT) [34, 45], a continuous, works, not to mention any concrete step to counter this threat. multi-stage and stealthy hacking process for such serious purposes In this paper, we report our first step toward better understand- as international espionage, sabotage, intellectual property theft and ing this emerging threat, through systematically discovering and domestic surveillance, etc. In the past few years, APT attacks have analyzing new watering hole instances and attack campaigns. This led to the breach of critical national infrastructures [29] and the was made possible by a carefully designed methodology, which re- computing systems of leading companies [48], news agencies [53] peatedly monitors a large number potential watering hole targets to and political dissidents [55]. According to various published re- detect unusual changes that could be indicative of strategic com- ports (e.g., [34, 45]), such an attack involves several phases, among promises. Running this system on the HTTP traffic generated from which the most important are the steps (reconnaissance and deliv- visits to 61K websites for over 5 years, we are able to discover and ery) that get adversaries a foothold into the target system. This is often achieved through social engineering, such as spear phish- confirm 17 watering holes and 6 campaigns never reported before. 1 Given so far there are merely 29 watering holes reported by blogs ing [39, 42] and increasingly strategic website compromising , and technical reports, the findings we made contribute to the re- dubbed “watering hole attacks”[29], as described in the above ex- search on this attack vector, by adding 59% more attack instances ample. and information about how they work to the public knowledge. Strategic site targeting. Simply put, in a watering hole attack, the Analyzing the new watering holes allows us to gain deeper un- adversary carefully selects a set of websites frequently visited by derstanding of these attacks, such as repeated compromises of po- his targets and by compromising these sites gains opportunities to litical websites, their long lifetimes, unique evasion strategy (lever- penetrate the targets’ systems, in a way much like the predator lurk- aging other compromised sites to serve attack payloads) and new ing around a watering hole to wait for its prey to show up. Since the exploit techniques (no malware delivery, web only information gath- selected websites are typically trusted by the target, such an attack ering). Also, our study brings to light interesting new observations, is often very effective, as pointed out by a Symantec report: “Any including the discovery of a recent JSONP attack on an NGO web- manufacturers who are in the defense supply chain need to be wary site that has been widely reported and apparently forced the attack of attacks emanating from subsidiaries, business partners, and as- to stop. sociated companies, as they may have been compromised and used as a stepping-stone to the truly intended target” [54]. Examples in- 1. INTRODUCTION clude the compromise of the Council on Foreign Relation website for attacking other agencies [37], the infection on forbes.com that Consider that you are viewing your favorite restaurant’s menu, targets the defense industry [53] and the use of a restaurant menu to get into an oil company’s network [59]. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed Defense against watering hole attacks is challenging. These at- for profit or commercial advantage and that copies bear this notice and the full cita- tacks often involve zero-day exploits, malware or other unique tech- tion on the first page. Copyrights for components of this work owned by others than niques, which are hard to detect. Limiting access to all such fre- ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re- quently visited sites is not a viable solution, given the inconve- publish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. nience it would bring in. Without scalable techniques, monitor- ACSAC ’16, December 05-09, 2016, Los Angeles, CA, USA 1 Throughout this paper, we use the two terms “Strategic compromise” and “watering c 2016 ACM. ISBN 978-1-4503-4771-6/16/12. $15.00 hole” interchangeably. DOI: http://dx.doi.org/10.1145/2991079.2991112 ing these sites for malicious activities is difficult, due to their large mised multiple times, the Carter Center, cartercenter.com and other number (e.g., 120K sites we found to be visited for at least 10 times politically oriented watering hole campaigns. For the attacks on within 8 months from a company’s traffic traces). Most impor- enterprises, we observed new instances and interesting strategies. tantly, given the fact that such targeted attacks only aim at a small For example, an India shipyard’s website was found to be strategi- set of carefully selected targets, and therefore are much less fre- cally compromised and a new watering hole running the ScanBox quent [46, 39, 42] and stealthier than random compromises, so far framework [22] was found to exhibit targeting behavior never re- only 29 watering hole instances have been reported and made pub- ported before, e.g., delivering malicious payload to website visitors lic. In the absence of adequate real-world attack data, our under- from a computing center in San Diego but not from a university. standing of this emerging threat is very limited, making it hard to These new findings help us better understand such strategic com- come up with any effective response. promises. Particularly, our study presents strong evidence that the watering hole perpetrators not only aim at a specific organization Finding watering holes. In this paper, we report the first system- but also at a group of politically oriented people. Further, the atic study on watering holes, making an important step toward bet- repeated compromises of political sites demonstrate that they are ter understanding such elusive but significant threat, through dis- relatively soft targets compared with the corporate websites that covery of new strategic compromises and in-depth analysis of these are better protected and rarely exploited multiple times. Also, we cases. This was achieved using a new methodology which helped found that watering holes are characterized by a long lifetime, in find new watering holes by continuously analyzing the network some cases, a few years, and unique evasion tricks, which hide their traffic triggered during the visit to a set of likely target websites. attack payloads, redirection scripts etc. on legitimate (but compro- At the center of the methodology is Eyeson, a system that performs mised) or legitimate looking third party domains, or even utilize a lightweight persistent surveillance of the likely targets by inspect- these domains as command and control (C&C) centers. In terms ing only the headers of the HTTP requests to the site. From such of attack techniques, it is surprising to see that the adversary may thin information, Eyeson automatically builds a model for the rate not deliver any malware or compromise the victim’s system at all: of the change (based upon quantified features such as hostnames, sometimes, all they do is just collect information through the vic- content types, URL patterns, file names, etc.) observed across dif- tim’s browser (e.g., the JSONP watering hole). ferent visits to the same site. Once a sudden big change occurs (dis- covered from HTTP headers), which are supposed to be unlikely to Contributions. The contributions of the paper are outlined below: happen according to the model, the site is flagged and goes through •New understanding of the watering hole attacks. We conducted other analyses to determine if it is indeed compromised. the first systematic study on strategic compromises leading to the The simplicity and efficiency of the methodology enable contin- discovery of high impact watering hole attacks never reported be- uous monitoring and analysis of a large number of potential tar- fore.
Load more

Recommended publications
  • The Study of Open Source Cmss by CHETAN GOPILAL JAIN a Thesis
    The Study of Open Source CMSs By CHETAN GOPILAL JAIN A thesis submitted to the Graduate School-New Brunswick Rutgers, The State University of New Jersey in partial fulfillment of the requirements for the degree of Master of Science Graduate Program in Electrical and Computer Engineering written under the direction of Prof Deborah Silver and approved by ________________________ ________________________ ________________________ ________________________ New Brunswick, New Jersey May, 2010 2010 CHETAN GOPILAL JAIN ALL RIGHTS RESERVED ABSTRACT OF THE THESIS The Study of Open Source CMSs By CHETAN JAIN Thesis Director: Professor Deborah Silver In this thesis, we evaluate different open source content management systems (CMSs) and determine their appropriateness for scientific research laboratories’ website content management. We describe different CMSs and evaluate them based on the following criteria: ease of installation, usability, maintenance and updates, scalability, community strength and support, user roles and workflow, security, and Web 2.0 features. We then choose of these system, Drupal, and demonstrate its effectiveness for two different scientific websites, Bio-1 and Vizlab. Drupal allows integrating new features using community contributed modules and easy future up-gradation. Successful implementation of both projects using Drupal highlights the importance of Open Source CMSs. ii Acknowledgement I would like to thank my advisor, Prof. Deborah Silver, for her support and encouragement while writing this thesis.Also, I would like to thank my parents and family who provided me with a strong educational foundation and supported me in all my academic pursuits. I also acknowledge the help of VIZLAB at Rutgers. iii Table of Contents Abstract ……………………………………………………………………….………………….ii Acknowledgement …………………………………………………………...………………...
    [Show full text]
  • Appximity: a Context-Aware Mobile Application Management Framework
    AppXimity: A Context-Aware Mobile Application Management Framework by Ernest E. Alexander Jr. Aaron B.Sc., Universiti Tenaga Nasional, 2011 A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of MASTER OF SCIENCE in the Department of Computer Science c Ernest E. Alexander Jr. Aaron, 2017 University of Victoria All rights reserved. This thesis may not be reproduced in whole or in part, by photocopying or other means, without the permission of the author. ii AppXimity: A Context-Aware Mobile Application Management Framework by Ernest E. Alexander Jr. Aaron B.Sc., Universiti Tenaga Nasional, 2011 Supervisory Committee Dr. Hausi A. M¨uller,Supervisor (Department of Computer Science) Dr. Issa Traor´e,Outside Member (Department of Electrical and Computer Engineering) iii Supervisory Committee Dr. Hausi A. M¨uller,Supervisor (Department of Computer Science) Dr. Issa Traor´e,Outside Member (Department of Electrical and Computer Engineering) ABSTRACT The Internet of Things is an emerging technology where everyday devices with sensing and actuating capabilities are connected to the Internet and seamlessly com- municate with other devices over the network. The proliferation of mobile devices enables access to unprecedented levels of rich information sources. Mobile app cre- ators can leverage this information to create personalized mobile applications. The amount of available mobile apps available for download will increase over time, and thus, accessing and managing apps can become cumbersome. This thesis presents AppXimity, a mobile-app-management that provides personalized app suggestions and recommendations by leveraging user preferences and contextual information to provide relevant apps in a given context. Suggested apps represent a subset of the installed apps that match nearby businesses or have been identified by AppXimity as apps of interest to the user, and recommended apps are those apps that are not installed on the user's device, but may be of interest to the user, in that location.
    [Show full text]
  • Exploring Search Engine Optimization (SEO) Techniques for Dynamic Websites
    Master Thesis Computer Science Thesis no: MCS-2011-10 March, 2011 __________________________________________________________________________ Exploring Search Engine Optimization (SEO) Techniques for Dynamic Websites Wasfa Kanwal School of Computing Blekinge Institute of Technology SE – 371 39 Karlskrona Sweden This thesis is submitted to the School of Computing at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. ___________________________________________________________________________________ Contact Information: Author: Wasfa Kanwal E-mail: [email protected] University advisor: Martin Boldt, PhD. School of Computing School of Computing Internet : www.bth.se/com Blekinge Institute of Technology Phone : +46 455 38 50 00 SE – 371 39 Karlskrona Fax : +46 455 38 50 57 Sweden ii ABSTRACT Context: With growing number of online businesses, Search Engine Optimization (SEO) has become vital to capitalize a business because SEO is key factor for marketing an online business. SEO is the process to optimize a website so that it ranks well on Search Engine Result Pages (SERPs). Dynamic websites are commonly used for e-commerce because they are easier to update and expand; however they are subjected to indexing related problems. Objectives: This research aims to examine and address dynamic websites indexing related issues. To achieve aims and objectives of this research I intend to explore dynamic websites indexing considerations, investigate SEO tools to carry SEO campaign in three major search engines (Google, Yahoo and Bing), experiment SEO techniques, and determine to what extent dynamic websites can be made search engine friendly on these major search engines.
    [Show full text]
  • Chapter 4 Working with Content
    C H A P T E R 4 ! ! ! Working with Content WordPress comes with several basic content types: posts, pages, links, and media files. In addition, you can create your own content types, which I’ll talk more about in Chapter 12. Posts and pages make up the heart of your site. You’ll probably add images, audio, video, or other documents like Office files to augment your posts and pages, and WordPress makes it easy to upload and link to these files. WordPress also includes a robust link manager, which you can use to maintain a blogroll or other link directory. WordPress automatically generates a number of different feeds to syndicate your content. I’ll talk about the four feed formats, the common feeds, and the hidden ones that even experienced WordPress users might not know about. Since WordPress is known for its exceptional blogging capabilities, I’ll talk about posts first, and then discuss how pages differ from posts—and how you can modify them to be more alike. Posts Collectively, posts make up the blog (or news) section of your site. Posts are generally listed according to date, but can also be tagged or filed into categories. At its most basic, a post consists of a title and some content. In addition, WordPress will add some required metadata to every post: an ID number, an author, a publication date, a category, the publication status, and a visibility setting. There are a number of other things that may be added to posts, but the aforementioned are the essentials.
    [Show full text]
  • Cached and Confused: Web Cache Deception in the Wild
    Cached and Confused: Web Cache Deception in the Wild Seyed Ali Mirheidari, University of Trento; Sajjad Arshad, Northeastern University; Kaan Onarlioglu, Akamai Technologies; Bruno Crispo, University of Trento, KU Leuven; Engin Kirda and William Robertson, Northeastern University https://www.usenix.org/conference/usenixsecurity20/presentation/mirheidari This paper is included in the Proceedings of the 29th USENIX Security Symposium. August 12–14, 2020 978-1-939133-17-5 Open access to the Proceedings of the 29th USENIX Security Symposium is sponsored by USENIX. Cached and Confused: Web Cache Deception in the Wild Seyed Ali Mirheidari Sajjad Arshad∗ Kaan Onarlioglu University of Trento Northeastern University Akamai Technologies Bruno Crispo Engin Kirda William Robertson University of Trento & Northeastern University Northeastern University KU Leuven Abstract In particular, Content Delivery Network (CDN) providers Web cache deception (WCD) is an attack proposed in 2017, heavily rely on effective web content caching at their edge where an attacker tricks a caching proxy into erroneously servers, which together comprise a massively-distributed In- storing private information transmitted over the Internet and ternet overlay network of caching reverse proxies. Popular subsequently gains unauthorized access to that cached data. CDN providers advertise accelerated content delivery and Due to the widespread use of web caches and, in particular, high availability via global coverage and deployments reach- the use of massive networks of caching proxies deployed ing hundreds of thousands of servers [5,15]. A recent scien- by content distribution network (CDN) providers as a critical tific measurement also estimates that more than 74% of the component of the Internet, WCD puts a substantial population Alexa Top 1K are served by CDN providers, indicating that of Internet users at risk.
    [Show full text]
  • WEBMYNE SYSTEMS Complete Internet Marketing & SEO Training Guide [2014]
    WEBMYNE SYSTEMS Complete Internet Marketing & SEO Training Guide [2014] SEO Training Guide - 2014 Webmyne, SEO Training Guide 0 TABLE OF CONTENTS Introduction to SEO # INTRODUCTION TO INTERNET MARKETING # SEARCH ENGINE BASICS # SEO REQUIREMENTS # Types of SEO # ON-PAGE SEO # OFF-PAGE SEO # Off-page SEO Overview # WHAT IS LINK BUILDING? # IMPORTANCE OF OFF-PAGE SEO OR LINK BUILDING # QUALITY LINK BUILDING/LINK DEVELOPMENT WAYS # Link Popularity in Practice # DIRECTORY SUBMISSION SOCIAL MEDIA OPTIMIZATION / BOOKMARKING ARTICLE SUBMISSION BLOG CREATION / SUBMISSION / MARKETING NEWS / PR / RELEASES FORUM POSTING CLASSIFIEDS COMMENTING (BLOGS / ARTICLES / FORUMS) LINK EXCHANGE EMAIL MARKETING BUSINESS DIRECTORY SUBMISSION GROUPS / COMMUNITY PROFILES CREATION SOCIAL NETWORKING RSS / ATOM / OPML / XML PINGING VIDEO SUBMISSION / PODCASTING / AUDIO SUBMISSION SOFTWARE SUBMISSION SLIDE SHARE / DOCUMENT / PDF SHARING On Page SEO Overview # KEYWORD RESEARCH # META TAGS AND TITLE OPTIMIZATION # CANONICAL TAG, META ROBOTS AND REL=NOFOLLOW TAGS # CONTENT OPTIMIZATION # URL OPTIMIZATION # IMPORTANCE OF ROBOTS.TXT AND HTACCESS # Webmyne, SEO Training Guide 1 Site Architecture # WHAT IS SITE ARCHITECTURE? # SEO FRIENDLY SITE STRUCTURE # Google Algorithms and Updates # WHAT ARE GOOGLE/SEARCH ENGINE ALGORITHMS? # EXPLAINING PANDA, PENGUIN AND HUMMINGBIRD UPDATES # Social Media Optimization & Social Networking # WHAT IS SOCIAL MEDIA OPTIMIZATION? # PARTICIPATING IN FACEBOOK, TWITTER, LINKEDIN, PINTEREST # EFFECTIVE SOCIAL MEDIA MARKETING TACTICS #
    [Show full text]
  • User Guide for Zone Labs Security Software
    User Guide for Zone Labs security software version 6.5 Smarter Security TM © 2006 Zone Labs, LLC. All rights reserved. © 2006 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecurRemote, SecurServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, TrueVector, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, Web Intelligence, ZoneAlarm, Zone Alarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726 and 6,496,935 and may be protected by other U.S. Patents, foreign patents, or pending applications. Zone Labs, LLC. A Checkpoint Company 475 Brannan, Suite 300 San Francisco, CA 94107 ZLD -0422-0650-2006-0601 Contents Tables . ix Figures . xi Preface . xiii About Zone Labs security software . xiv About this guide . xv Conventions .
    [Show full text]
  • Review of Lovethatwhitesmile.Com
    Your website score 48.5 Review of lovethatwhitesmile.com Introduction This report provides a review of the key factors that influence the SEO and the usability of your website. The rank is a grade, on a 100 points scale, that represents your Internet Marketing Effectiveness. The algorithm is based on 50 criteria, including search engine data, website structure, site performance, and others. A rank lower than 40 means that there is a lot of areas to improve. A rank above 70 is a good mark and it means that your website is probably well optimized. Our reports provide actionable advices to improve a site's business objectives. Please contact us for more information. [email protected] Table of Contents Visitors SEO Content SEO Backlinks Social Monitoring SEO Links Usability Mobile SEO Keywords Security SEO Basics SEO Authority Technologies Iconography Pass High impact Very hard to solve Moderate Medium impact Hard to solve Fail Low impact Easy to solve FYI Visitors Traffic Estimations Low High Medium impact We use several different tools to estimate web traffic: Google™ Ad Planner, Google™ Trends and Alexa™. Nevertheless, your analytics will provide the most accurate traffic data. Traffic Rank 5846972th most visited website in the World A low rank means that your website gets lots of visitors. Your Alexa Rank is a good estimate of the worldwide traffic to your website, although it is not 100% accurate. Reviewing the most visited websites by country can give you valuable insights Distinctive Audience This website tends to be popular amongst: females aged between 18 and 24 connecting from work Relative to the general internet population, the above audience is over-represented at lovethatwhitesmile.com.
    [Show full text]
  • C5E2FF Introduction
    C5E2FF Introduction What is local SEO? If you’re a local business, or someone who wants to market your products to a local audience, you want to be ranking higher on local search results. Simply put, local SEO is the process of optimizing your website, local profiles and online reviews to ensure that you rank higher when searches are made “locally” (near your business). Why is local SEO important? It is estimated that more than half the searches on Google are made with "local intent". This means that one in two people in Google are actually looking for local products or services when they search for something. Now, if you don't get your local SEO right, you're losing out on earning more customers for your business. SEO has changed drastically over the years, and bad practices to game the system such as keyword stuffing, meta tag stuffing and link buying are discouraged, now. Ever since Google started rolling out its Panda and Penguin updates, it's become difficult for users to hack their way and rank well on searches without providing rich, accurate and relevant content. In other words, you'll need to actually put in effort to optimize and get your profiles and websites ranking for local searches. The bad news is that there is no shortcut. The good news is that it's fairly straightforward and uncomplicated. How do I optimize my local SEO? It might be a good idea to just focus on the website optimization, managing your Google profile and online business citations sections of this guide if you want to cover the basics of local SEO.
    [Show full text]
  • Website 'Must Haves'
    Website ‘Must Haves’ For Driving Traffic, Leads & Sales By Jessica Meher TABLE OF CONTENTS Introduction…………………….3 Part 3: Content………………..... 25 Messaging………………………………......26 Part 1: Get Found Online…… 4 Educate and Offer Value……………………28 Building Inbound Links………………… 7 Importance of Quality……………………….29 On-page SEO……………………………9 Avoid Corporate Gobbledygook…………..31 Title Tag & Meta Tags……………………11 Be Clear Not Clever……………………….. 32 XML Sitemaps……………………………13 Blogging……………………………………..33 301 Redirects…………………………… 14 Making Content Social and Shareable……35 Other Forms of Content……………………36 15 Part 2: Design & Usability…… Customer Proof……………………………..37 The First Impression…………………....16 Maintain Consistency…………..............19 Part 4: Conversion………………..39 Using the Right Images…………………...20 Effective Call-to-Actions……………………40 Navigation…………………………………21 CTA Positioning……………………………..43 Flash and Animation,,,,,…………………23 Landing Pages………………………………45 Accessibility……………………………….24 Forms…………………………………………49 Newsletters……………………………….....51 Conclusion……………………... 52 Introduction We all know how important a website is to a business's online strategy. Almost every business, whether B2B, B2C, non-profit, local or global needs an online presence to reach buyers in the internet age. A company’s website is its virtual storefront. Shockingly, a recent survey by 1&1 Internet reported that up to 40% of small-to-medium sized businesses still don’t A recent survey by have a website. Even if you’re on social media, operating 1&1 Internet reported without a website is just silly. A website is an essential that up to 40% of piece of your online marketing strategy. small-to-medium sized Whether you're looking to build your first website, or if your businesses still don’t existing site just isn't getting the traffic or leads you were hoping for, you may wonder what it really takes to have a have a website.
    [Show full text]
  • Search Engine Optimization (SEO) Tips for Brokers
    March 2015 Search Engine Optimization (SEO) Tips for Brokers © 2015 Centre for Study of Featuring case studies of Canadian brokers, this white paper contains valuable information and Insurance Operations actionable practices for building an effective search optimization strategy that will help your brokerage rise above the competition and get found when it counts. 110 Yonge Street Suite 500 Toronto, ON M5C 1T4 www.csio.com Table of Contents Executive Summary.............................................................................................................................3 SEO...By the Numbers........................................................................................................................4 Organic vs. Paid SEO.........................................................................................................................5 SEO Tips for Brokers Use a Content Creation Strategy.........................................................................................................6 Establish a Social Media Presence.....................................................................................................7 Use Link Building................................................................................................................................8 Leverage Authoritative Websites.........................................................................................................9 Optimize for Mobile............................................................................................................................10
    [Show full text]
  • Suspicious Url and Device Detection by Log Mining
    SUSPICIOUS URL AND DEVICE DETECTION BY LOG MINING by Yu Tao B.Sc., University of Science and Technology of China, 2012 Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science in the School of Computing Science Faculty of Applied Sciences c Yu Tao 2014 SIMON FRASER UNIVERSITY Spring 2014 All rights reserved. However, in accordance with the Copyright Act of Canada, this work may be reproduced without authorization under the conditions for \Fair Dealing." Therefore, limited reproduction of this work for the purposes of private study, research, criticism, review and news reporting is likely to be in accordance with the law, particularly if cited appropriately. APPROVAL Name: Yu Tao Degree: Master of Science Title of Thesis: SUSPICIOUS URL AND DEVICE DETECTION BY LOG MINING Examining Committee: Dr. Greg Mori, Associate Professor Chair Dr. Jian Pei, Professor, Senior Supervisor Dr. Jiangchuan Liu, Associate Professor, Supervisor Dr. Wo-Shun Luk, Professor, Internal Examiner Date Approved: April 22th, 2014 ii Partial Copyright Licence iii Abstract Malicious URL detection is a very important task in Internet security intelligence. Existing works rely on inspecting web page content and URL text to determine whether a URL is malicious or not. There are a lot of new malicious URLs emerging on the web every day, which make it inefficient and not scalable to scan URL one by one using traditional methods. In this thesis, we harness the power of big data to detect unknown malicious URLs based on known ones with the help of Internet access logs. Using our method, we can find out not only related malicious URLs, but also URLs of new updates and CC(command and control) servers for existing malware, botnets and viruses.
    [Show full text]