A research team from the Craz University of Technology located in Austria recently disclosed the details of a new cyber threat tradecraft attack methodology.

The newly disclosed methodology enables remote hackers to infer websites as well as other previously viewed content without requiring direct network traffic access. Typically, hackers require a person-in-the-middle (PitM) attack, or hacking the target’s wifi connection from within physical proximity. The new methodology dubbed SnailLoad makes the process more efficient as it does not require a PitM position or additional remote code execution. In order to execute a SnailLoad attack, the threat actor would need to conduct latency measurements to provide the data needed to track user traffic. This process mimics creating a”fingerprint” for each site accessed.

Read more:

https://www.securityweek.com/new-snailload-attack-relies-on-network-latency-variations-to-infer-user-activity/