Malvertisements: How Browsing Top Sites Can Lead to Ransomware

How much do you know about malware and avoiding cyber-attacks on your computer? If you’re like most users, you know that you should avoid clicking on pop-up ads. You know that you shouldn’t even open, let alone click on the links in, suspicious email messages. You even know not to follow some of the links you see posted on social media, and you probably know that you’re better off avoiding clicking on those third-party “quizzes” you see everywhere these days on Facebook, too, right? However, did you know that browsing through some of the top sites online today can open your network up to malware and ransomware?

The Largest Attack in Years Happened on Trusted Sites

Recently, we saw what experts are calling one of the largest malvertising attacks in years, and it occurred not on the suspicious sites that you already know to avoid. Rather, it affected trusted sites like Newsweek, the BBC, MSN, and The New York Times. These sites weren’t the originators of the attack, but were victims of it. So how did some of the most respected sites in the world get breached and become beacons for ransomware?

Essentially, the cyber criminals behind the attack uploaded their harmful advertisements (malvertisements) to advertising companies that placed ads on these and other top-tier sites. With thousands of people accessing these sites on a daily basis, anyone running vulnerable software who visited any of these sites on the day that the malvertisements went live could have had their computers infected with malware and/or file-encrypting ransomware.

What Is Ransomware?

But what is ransomware, and why should you care? You likely already know that malware is any malicious software that’s designed to gain access to your private information and/or do damage to your hardware or software. Ransomware takes the concept of malware a step further.

Essentially, when your computer is infected with ransomware, the malicious software will encrypt your files so that you cannot gain access to them. Instead of doing your normal work, opening files, or checking out your Facebook feed when you open your laptop or turn on your desktop, you’ll get a bold notification telling you that you must pay a ransom to an unknown hacker within a certain (short) amount of time, or all of your data will be wiped clean with no hope of recovery.

In essence, ransomware is exactly what it sounds like. A cybercriminal attacks your machine or network, “kidnaps” your data through encryption, and holds it until you pay a given ransom (usually to be paid in bitcoins that cannot be easily traced). Ransomware is especially worrisome as it has become increasingly popular among malicious hackers, and it’s even more worrisome when we see an attack of the size and scope we saw with this most recent malvertising hack of large sites like the BBC and The New York Times.

As of the latest reports, most of the offending ads have been removed and will not appear again, but there are still some lingering that have not been found and removed yet. And, with large advertising providers like AOL, AppNexus, Rubicon, and Google DoubleClick being affected, this is serious cause for alarm. While most users do not click on a lot of ads on the sites they visit, an accidental click could be all that’s necessary to get infected with ransomware and to find yourself locked out of your own computer’s files. So what are advertisers doing to protect users from this kind of attack in the future?

What’s Being Done to Protect Users?

According to AppNexus’ vice president of communications, Josh Zeitz, all of the offending ads were removed, and the accounts behind them deactivated, as soon as the company was made aware of the attack. He also noted that the malware ads were not placed directly through AppNexus but through a third party. Zeitz assured users that AppNexus places security as a major priority, using Sherlock, a malware detection and security system, to screen all ads and to filter out bad ads to avoid this kind of situation.

According to Zeitz, AppNexus devotes “considerable financial resources to safeguarding our customers… Unfortunately, bad actors also invest considerably in developing new forms of malware.” It is indeed rare to see a malvertising campaign of this scope, but it looks as if this particular attack didn’t come out of nowhere. Just a few days before this attack, a smaller-scale attack of the same type was launched on similar top-tier advertising companies. Experts believe that this smaller attack may have been a test run for the larger attack to come.

Furthermore, the timing of the larger attack seems to have been very deliberate, as it was executed on a Sunday, when many companies would not have staff on duty to respond immediately.

What Can You Do to Protect Yourself?

While information security companies, software developers, and advertising companies all work to filter out malware and ransomware, malvertising continues to be a major problem. While online advertising companies continue to improve their security efforts and use a whole host of security tools to avoid attacks like these, they still happen on a more regular basis than anyone would like to admit.

Advertisements often take long and winding paths through several third parties and advertising companies before they arrive at their end destinations. This can make it very difficult to track them, which can make it easier for hackers to create successful attacks. So what can you do to protect yourself from malware and ransomware appearing on your computer just because you happened to browse through one of the most trusted news sites online?

Protecting your own network with a device and software that will actually scan for inbound threats is essential in today’s online world, but that doesn’t mean that you have to have a degree in computer science to understand network security or that you have to purchase a lot of different equipment to get the job done. Instead, check out CUJO, a plug-and-play device that keeps your network and all of your connected devices secure from cyber-attacks.