Malvertising is a growing menace

Security Enthusiast
AVM Consulting Blog
6 min read · Jan 9, 2022

You have probably seen something like the above on your devices: infinite, full-screen pop-up ads that won’t close, or notifications with “too good to be true” headlines such as “get-rich-quick schemes”, “fake software updates”, “scare you to click on a given link”, and “prizes”, among others. Many of you might regard these as “Adware” and ignore them by not clicking on them. If you think that there is no risk as long as you do not click, you are wrong. In this blog, I am going to explain a new cyber menace, “Malvertising”, and how to avoid it.

Online advertising is a vital source of income for many websites, and because of the huge demand and opportunity, online advertisements have become complex in order to reach a large online audience. The online ad network infrastructure is very complex, with many linked connections between ads and click-through destinations. A relatively new cyber threat, Malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.

What is Malvertising?

Malicious Software Advertising, or Malvertising, is the use of online advertising to spread malicious software or malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Due to the significant reach of online advertisement, it provides a solid and proven platform for spreading malware. Advertising content can be inserted into high-profile and reputable websites, which makes Malvertising attractive to attackers because malicious ads can easily be spread across a large number of legitimate websites without directly compromising those websites.

Malvertising is a fairly new concept for spreading malware and can be extremely hard to combat, as infections delivered through Malvertising do not require any user action (like clicking) to compromise the system, and it does not exploit any vulnerabilities on the website or the server it is hosted from. It can quietly work its way into a webpage or an advertisement on a webpage and spread unnoticed. Malvertising is able to expose millions of users to malware, even the most cautious, and is growing rapidly.

Many reputable organisations, including The New York Times, BBC, Spotify, London Stock Exchange, Forbes and the NFL, have been victims of Malvertising attacks in recent years, with malicious advertisements placed on their webpages or widgets without users’ knowledge. In many such cases, the attack stemmed from a compromised ad network, which made it nearly impossible for the organisation to identify such risks.

How does Malvertising work?

The online advertising industry is a complex web of relationships and transactions between publishers, the websites you visit and a whole hidden world of advertising machinery. Each day, a large number of ads are submitted to the various advertising networks throughout the world, making it very difficult for the advertising networks to perform a thorough analysis of each ad. Many websites, especially large ones, rely on third-party vendors and software to display their ads, which in turn reduces the direct oversight and the amount of vetting that takes place. This automation makes online ads vulnerable to Malvertising. Often advertisers work on a complaint-based system, wherein a deep analysis is performed only once a complaint is lodged against an ad or ads from a specific group or company. Also, it is very difficult for cybersecurity experts to identify exactly which ad is malicious because the ads on a webpage constantly change. This means that one visitor may be infected, but the next ten, who visit the exact same webpage, won’t be infected.

The common strategy for Malvertisers is to submit their malicious ads to third-party online ad vendors. If the vendor approves the ad and the Malvertiser wins their bid, the seemingly innocent ad will get served through any number of sites the vendor is working with. Malicious actors hide a small piece of code deep within a legitimate-looking advertisement, which will direct the user’s machine to a malicious or compromised server. When the user’s machine successfully makes a connection to the server, an exploit kit hosted on that server executes.

A typical Malvertising flow

  • A bad actor buys ad space on a website or from an ad network.
  • The bad actor supplies an infected ad to be displayed in the space they purchased.
  • The Malvertising attack happens when either the user clicks the ad or the website loads the ad on the user’s device.

Malvertising debunks the myth that infection happens only once a user clicks on a link. Computers can become infected pre-click (when malware is embedded in main scripts, or through an auto-redirect where the user is automatically taken to a different site without any interaction) or post-click (when the user clicks on the ad to visit the site and is directed to a malicious site). Redirection is often built into online advertising, and this spread of malware is often successful because users expect a redirection to happen when clicking on an advertisement.

What are the risks of Malvertising?

  • For publishers, it could be damaged reputation, loss of traffic and revenues, and legal liability for damages caused to users visiting their sites.
  • For individuals, it could be financial data loss, personal data theft, extortion, or an attacker being able to take over your computer for any malicious activities.

Isn’t Malvertising the same as Adware?

Malvertising and Adware are two terms that are sometimes used interchangeably, though they are substantially different. The primary difference between the two comes down to the source of the attack.

  • Malvertising involves malicious code which is initially deployed on a publisher’s web page. Adware is a type of malware that sits on your device and causes you to see ads you otherwise wouldn’t encounter.
  • Malvertising only affects users viewing an infected webpage; there’s no need for the Malvertising attacker to pre-infect your device before you’re shown a malicious ad. Adware, once installed, operates continuously on a user’s computer.

How to protect against Malvertising?

Unfortunately, due to the way this attack vector works, it is quite difficult for users to protect themselves against it. However, there are some best practices you can follow to protect against Malvertising:

  • Install and run a reputable antivirus program and an ad blocker on your computer to reduce the risk of running a malicious advertisement.
  • Enable the “click-to-play” selection in your browser’s settings. Once enabled, all online content that requires plugins to play, such as Java, Adobe Reader, QuickTime or Flash, will be disabled unless you manually give your OK for the content to play.
  • When browsing the Internet, make sure to close browser windows when not in use, since this will minimise the number of ads displayed and minimise the likelihood of a malicious ad appearing.
  • Ensure that all software and extensions, including web browsers, are up to date.

Publishers also have a responsibility to protect their visitors from Malvertisements. They need to:

  • Only work with trusted, reputable online advertising vendors.
  • Thoroughly evaluate third-party ad networks that will be responsible for selecting, vetting and running ads.
  • Run a regular scan to discover malware or unwanted code.
  • Use network traffic analysis at the firewall level to help identify suspicious activity before malware has a chance to complete its assigned task.
  • Engage a trusted cybersecurity partner to offer customised recommendations based on the organisation’s digital advertising activity.
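
The regular scan for unwanted code in the list above can start with a static pre-screen of ad creative markup for the pre-click behaviours described earlier: script-driven redirects, meta refresh and invisible frames. The sketch below is an added example, not code from this blog or from any ad platform; the rule names and sample creatives are constructed, and the regular expressions are heuristics that will miss obfuscated code.

```javascript
// Heuristic pre-screen for ad creative markup (added example, not a full malware scanner).
// Rule ids and the sample creatives are constructed for illustration.
const SCRIPT_RULES = [
  ["top-navigation", /\b(?:top|parent)\.location(?:\.href)?\s*=(?!=)|\b(?:top|parent)\.location\.(?:replace|assign)\s*\(/],
  ["self-navigation", /(?:^|[^.\w])(?:window\.|document\.)?location(?:\.href)?\s*=(?!=)|(?:^|[^.\w])(?:window\.)?location\.(?:replace|assign)\s*\(/],
  ["dynamic-code", /\beval\s*\(|\bnew\s+Function\s*\(|document\.write\s*\(\s*(?:unescape|atob)\s*\(/],
];
const MARKUP_RULES = [
  ["meta-refresh", /<meta\b[^>]*http-equiv\s*=\s*["']?refresh/i],
  ["hidden-iframe", /<iframe\b[^>]*(?:(?:width|height)\s*=\s*["']?[01]["'\s>]|display\s*:\s*none|visibility\s*:\s*hidden)/i],
];

function scanCreative(html) {
  const findings = new Set();
  // Script bodies run as soon as the ad loads, so navigation there is pre-click.
  // Inline onclick handlers are deliberately skipped: a click-through is expected.
  for (const m of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi)) {
    for (const [id, re] of SCRIPT_RULES) if (re.test(m[1])) findings.add(id);
  }
  // Markup-level redirects and invisible frames need no script at all.
  for (const [id, re] of MARKUP_RULES) if (re.test(html)) findings.add(id);
  return [...findings].sort();
}

// Constructed sample creatives (example domains only).
const SAMPLES = {
  clean: '<a href="https://shop.example/sale"><img src="banner.png" width="300" height="250"></a>',
  clickOnly: '<a href="#" onclick="location.href=\'https://shop.example/\'">Shop now</a>',
  autoRedirect: '<img src="banner.png"><script>if (navigator.userAgent) { top.location.href = "https://landing.example/"; }</script>',
  selfRedirect: '<script>window.location = "https://landing.example/";</script>',
  hiddenFrame: '<div><iframe src="https://cdn.example/f.html" width="1" height="1" style="visibility:hidden"></iframe></div>',
  metaRefresh: '<meta http-equiv="refresh" content="0;url=https://landing.example/">',
};

for (const [name, html] of Object.entries(SAMPLES)) {
  const hits = scanCreative(html);
  console.log(name.padEnd(12), hits.length ? "REVIEW: " + hits.join(", ") : "ok");
}
```

A creative flagged here is a candidate for manual review, not a confirmed infection; legitimate ad tags also use some of these constructs.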
