According to a report by Statista, we witnessed over 5.6 billion malware attacks from over 678 detected malware types in just one year. Most internet users have become smart enough to identify, or at least be cautious about, suspicious activities and phishing attempts. However, in many ways, cybersecurity is a cat-and-mouse game, with black hats and white hats engaged in a seemingly endless competition to be stealthier. This has inevitably led attackers to adopt the tactic of wrapping malware into seemingly harmless digital advertisements, which are, arguably, the lifeblood of the internet economy.
What if malware was a click away via the ads we encounter every day? How can we tell if clicking an ad would wreak havoc on our devices and systems?
Malvertising is one of the newest iterations in the evolution of malware. It’s a potentially more dangerous cybersecurity threat because the users are attacked through legitimate publishing and advertising platforms. The growth of online advertising has been a significant contributor to the enormous spread of malvertising. It can target a broader spectrum of users, thanks to the vastness of the channel through which it spreads. And it is very hard for the user or the ad publisher to detect and protect themselves from the dreadful consequences of malvertisements.
Malvertising is a portmanteau of ‘malicious advertising.’ The attacker inserts malware into legitimate advertising networks involving highly reputed websites.
These seemingly harmless ‘infected’ ads contain malicious code that spreads the malware. When a user clicks on it, the code redirects the user to a malicious server, makes a connection with the device, and installs the malware on it, all in seconds.
Malvertising occurs extensively because large publishers often use automated third-party applications to display ads on their websites. This makes direct oversight difficult, which benefits threat actors. Malvertising does not cause any direct damage to the publishing websites, which is another main reason malvertisements go unnoticed.
Not only does malvertising tarnish the reputation of advertising platforms and publishers, but it can also steal sensitive information from the end-user. And should the malware in question be ransomware, things can get all the more devastating.
When users turn to third-party adblockers to avoid malvertisements, the ad revenue of both publishers and marketers is directly affected. This is a severe blow to the online advertising ecosystem.
Users typically confuse malvertising and ad malware (or adware). The two terms are technically distinct. While malvertising is malicious on all accounts, adware (a program that runs on a user’s device to track their web activity, display unwanted ads, and steal user data) is often embedded in legitimate applications. However, most of the time, adware neither causes any serious breach of users’ privacy nor alters or assumes control of the user’s system or device, nor does it encrypt their data. Also, the code used for malvertising is deployed on a publisher’s page, as opposed to adware, which is usually deployed directly on an end user’s device. As such, the scope of malware affecting users is much more than adware.
In 2021, REvil, a cyber gang that mainly uses ransomware, used paid positioning in Google search results to prompt users to click on malicious links. Also called SEO poisoning or search poisoning, this approach was highly successful since most users took the bait as they completely trusted the links that were displayed on Google’s search results.
Angler was a malicious program that automatically redirected users to a website where the vulnerabilities in the web extensions like Adobe Flash and Oracle Java were exploited.
Angler spread malware through high-profile websites like The Daily Mail and Forbes. According to sources, the threat actors extorted over $60 million using this malvertising technique.
Malvertising can be of different types based on how they are executed and delivered to the users’ devices:
Staying protected from malvertising lies primarily in the hands of publishers, who can scour their entire platform for any infected ad placements. It is essential for ad platforms to have security solutions and tools to keep malicious code away from their pages. They can also enforce policies that do not allow marketers to use code like JavaScript and instead require formats like JPG and PNG to display ads. They can also keep their eyes on the third-party technologies used for delivering ads. On the other hand, users ought to be extra cautious not to let anything malicious be downloaded to their devices.
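As an added illustration of the image-only policy described above (this is not ForeNova's code or any ad platform's; `check_creative` and the sample bytes are hypothetical names and constructed data), a publisher-side check can accept an uploaded creative only when its bytes actually parse as a PNG or JPEG, ignoring the file extension:

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC over type+body."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))

# Constructed sample: a 1x1 grayscale PNG built in memory.
SAMPLE_PNG = (PNG_SIG
              + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + _chunk(b"IEND", b""))

def _png_ok(data: bytes) -> bool:
    """Walk every chunk, verify its CRC, and require IEND to end the file."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return False
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            return False
        if ctype == b"IEND":
            return end == len(data)  # trailing bytes could carry HTML or script
        pos = end
    return False

def _jpeg_ok(data: bytes) -> bool:
    """Require the SOI marker at the start and EOI as the final two bytes."""
    return data[:3] == b"\xff\xd8\xff" and data[-2:] == b"\xff\xd9"

def check_creative(filename: str, data: bytes) -> str:
    """Return 'png' or 'jpeg'; raise ValueError for anything else.
    The decision is made on file content, never on the filename."""
    if data.startswith(PNG_SIG) and _png_ok(data):
        return "png"
    if _jpeg_ok(data):
        return "jpeg"
    raise ValueError(f"{filename}: not a well-formed PNG or JPEG")
```

Rejecting trailing bytes is a strict policy choice; some legitimate encoders append data after the end marker, so a platform may prefer to re-encode accepted images instead.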
Users can also mitigate risks by following some simple yet effective practices:
You may be a victim of malvertising if your device becomes suspiciously slow or if apps appear on it that you didn’t install yourself. You might also notice an increased occurrence of pop-ups that are particularly hard to close.
Follow these steps if you think any sort of malvertising may have compromised your device.
By infecting users’ devices via ad platforms, malvertising is one of the most advanced and stealthy forms of cybersecurity attack. It gravely affects online advertisers’ and publishers’ reputations and their ad revenue streams, not to mention the violations it causes for end users. Many high-profile ad publishers and web pages have been victims of malvertising. Although there have been mitigation efforts, it’s the responsibility of both users and publishers to be cautious and take the necessary steps to mitigate the adverse impact of malvertisements.
Novacommand can help detect threats by inspecting and analyzing the network traffic. The information about the network traffic (metadata) will be correlated and analyzed as well.
By doing this, threats can be detected in an early stage by their behavior, destination, or a combination of both.
Novacommand will not ‘defend’ you against threats, but it will alert you to a threat and, if needed, initiate an action through a third-party integration such as a firewall or EPP.
If there are clickable on-page elements on a landing page, the attacker can add malicious code into those elements, and upon a click, the malware can then be installed on a user’s device.
Most high-traffic websites display ads to their visitors. Attackers, therefore, insert malicious code into those ads to target a higher number of users. Besides, the nature of the content on the ‘popular’ website in question makes it easier for attackers to get higher clickthrough rates for their malvertisements.
Possibly, but not always. Ads, if infected, can hold malicious code that leads to malware being installed on your device. That doesn’t mean you can’t click on ads at all. Navigating websites cautiously and leveraging relevant cybersecurity tools can prevent you from falling victim to malvertising.