Defense techniques[edit]

Websites are often infected through zero-day vulnerabilities on browsers or other software.[4] A defense against known vulnerabilities is to apply the latest software patches to remove the vulnerability that allowed the site to be infected. This is assisted by users to ensure that all of their software is running the latest version. An additional defense is for companies to monitor their websites and networks and then block traffic if malicious content is detected.[7] Other defense techniques include utilizing complex passwords and passkeys to access websites as well as biometric information to protect data from attacks. Utilizing web injections such as firewalls or downloading anti-virus software on to devices can also protect from attacks. [8] Additionally, websites can enhance protection by disabling or removing vulnerable software, such as Flash and Adobe Reader, which are commonly targeted in cyber attacks.

- The United States government conducted an attack on 3 Tor (network) websites. The FBI seized access to the websites and continued to run them for a 19 day period. During this time the websites were modified to serve up a NIT, which would attempt to unmask visitors by revealing their IP address, operating system and web browser. The NIT code was revealed as part of the case USA v Cottom et al. Researchers from University of Nebraska at Kearney and Dakota State University reviewed the NIT code and found that it was an Adobe Flash application that would ping a user's real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity. It used a technique from Metasploit's "decloaking engine" and only affected users who had not updated their Tor web browser.[9][10][11][12]

Operation Torpedo

Controversy of U.S. mass surveillance/invasion of privacy[edit]

In the U.S. a joint civil suit filed by the American Civil Liberties Union (ACLU), Civil Liberties and Transparency Clinic, and Privacy International against various branches of the U.S. Government alleged that the U.S. government had been using watering hole attacks in a new mass invasion of privacy of ordinary citizens. Further, the nature of the civil suit was a failure to comport relevant documents as part of a FOIA request to the various agencies.ACLU and Privacy International et al v. United States Agencies docket available on Courtlistener.com

Malvertising