Top

Malvertising: what is it and how to browse safely

January 13, 2016

Malvertising is the assigned term for malicious advertising, which represents the action of hijacking legitimate online advertising networks performed by malicious factors in order to inject their own malware-ridden advertisements into the said platforms. The usual shape malvertising takes is that of webpage popups, call-to-action items or banners.

The main attraction of this cyber-crime exploit consists of the wide public reached in the act of online advertising. Legitimate advertisers go to great lengths to reach as many viewers as possible and thus these networks can comprise millions of users at once. Spreading a cyber-infection through such a carrier appeals to cyber-criminals, especially that infestation propagates even without clicking the malvert – when the fraudulent codes are embedded in the web page scripts.

At the brink of a new year, malvertising constitutes the next step in cyber-crime, as this Mashable podcast details.

How much should we worry about malvertising?

The answer might not be straightforward.

In 2014 we could also read about malvertising being the latest trend in cyber-crime. Its unsettling presence took advantage of trusted websites and legitimate online advertising in order to push its indirect attacks on unsuspecting targets. Covering their tracks, malvertisers reached the better of two worlds, by ridding on the back of ad networks’ granular profiling for personalized targeting, while inserting their own infectious cyber-seeds into well-reputed domain names that are impossible to blacklist. Filtering their activity in correlation with user profiling, the malware codes are difficult to discover and come through as extremely versatile, agile, dynamic and stealthy.

The year 2014 brought a 325 percent spike in malvertising, according to a Cyphort report published in 2015.

The two main advantages that cyber-criminals speculate in this type of attacks are:

  • The ability to keep the ongoing attack silent;
  • The limited response abilities in what the website owners and the internet users are concerned, since the environment is interconnected and volatile; in order for measures to be employed, the page owners should be alerted so they could investigate the attack and eliminate the infested ads.

The year 2015 brought malvertising to the mobile users. Some of the most notorious attacks took place at DailyMotion, eBay, answers.com, talktalk.co.uk, and wowhead.com. Even Forbes.com strived to put an end to a malvertising campaign that took place on its own site and redirecting users o the Neutrino and Angler exploit kits.

Another large campaign of this sort hit Yahoo mid-year with a combination of ad fraud (Bedep) and ransomware (CryptoWall). Adblockers played their role in preventing all ads from reaching their public, legitimate or malware-ridden altogether, but many sites blocked their users in response, unless they disabled the adblockers on their pages.

In conclusion, although malvertising didn’t quite fulfill the 2015 predictions concerning a huge wave of exploits of this type, it is nevertheless true that this silent and quite invisible phenomena should preoccupy any cyber-security aware company owner and Internet user, as well as researchers and cyber intelligence specialists. Its degree of spreading and danger could register a new spike in synchronization with every new development in advertising automation. The same algorithms that improve advertising and marketing could be used for malicious purposes in malvertising campaigns.

Here you may check a testimonial on how malvertising can affect a company and its employees, bypassing the system firewall and exploiting zero-day (unpatched) vulnerability in order to run commands on the affected work computers.

With figures as high as US$1 billion in damages, estimated as malvertising collateral for 2015, this type of cyber-security exploit is not an easy opponent. When ransomware doubles malvertising and spreads to millions of users at once, while the attackers could remain unknown even after the attack is blocked, the unpleasant effects and damages could be devastating.

How can we protect ourselves from malvertising?

Depending on the target-category, we have two instances of affected entities:

  1. The website owners that host advertising should monitor their website regularly and also employ a professional service to deploy cyber-security audits – as a preventive measure; also establish a customer service for your online services and try to pay attention to any alerts coming from your customers in what regards abnormal webpage activities, errors or ads that behave in a particular, suspicious way; remember that clicking on the infected page items is not necessarily a pre-requisite of infection spreading, and try to constantly remain vigilant about the webpage you own or manage. Another useful habit would be to run regular targeted security scans.
  1. The common Internet users that browse and/or engage in online activities on various webpages should:

         –  first and foremost, keep informed: in the cyber community news spread fast and if possible you should stay updated on the latest events and avoid the cyber-crime hotspots;

        – (it might be a good thing to) take up the habit of manually cleaning your web browser temporary data, stored data and other browsing-related data that remains on your personal computer, as an extra precautionary measure;

        – alternatively, you may configure your browser to store as little data as possible.;

       – it would also be recommended to be rather prudent that curious while on the net – do not poke around and click on popups and buttons unless this is part of your main activity (as it might happen when making online purchases); if interested in a brand or product, search it via your search engine instead of clicking the ad link, in the case cyber security is one of your main concerns;

     – the general rule in cyber-security applies to malvertising, too: make all the necessary updates, be sure to have the latest patches and specific protection programs – there are plenty of anti-malware software programs, some of them even performing a fairly good job for free.

      – an extra help brought on by 2015 consists of the ad blockers: if they suit you as an Internet user and the visited sites allow it, you might consider the idea of using such available tools; script blockers also may prove useful when employed.

*enabling Click-to-Play plugins or any plugins that are legitimate and act as auto-play blockers is another user advice coming from specialists;

*disable or uninstall plugins that are not necessary for your daily activities, to avoid background vulnerabilities;

*acquire the most cyber-secure browser available.