Cybercriminals do not take holidays off — in fact, they often use them to their advantage. That’s how a group of hackers celebrated last President’s Day in the United States. A massive malicious advertising (malvertising) campaign involving more than 800 million ad impressions was launched on legitimate websites between February 16-19, 2019, according to Confiant security researchers. The ads were designed to trick users into entering personal and financial information in order forms for fake products.
A Serious Problem
Malvertising is a serious problem. Avast notes that it is one of the top five endpoint threats affecting small businesses. That’s because cybercriminals are increasingly posting malvertising on legitimate websites in order to:
The Devious Ways in Which Malvertising Works
To understand how malvertising works, you need to know how web browsers render web pages. When you visit a web page, your browser automatically receives the page’s content so it can display the page. So, for example, when you visit your favorite business news website, all the articles, pictures, ads (malicious or not), and other elements on the page are automatically sent to your browser.
What the malvertising does next depends on whether it includes malicious code. For instance, suppose hackers want to deliver an exploit kit. One way they can do this is to create ads that try to lure you into clicking a link. The ad itself does not contain any malicious code. However, if you click the link, you will be sent to a server that delivers an exploit kit. If the kit finds a vulnerability, it is used to install malware on your device.
Even worse, some malicious ads deliver exploit kits without you doing anything other than going to your favorite website. In this case, the malvertising contains code that automatically redirects your browser to a server, which delivers the exploit kit. The redirection occurs behind the scenes, without you clicking a single link.
How Hackers Get Malicious Ads on Legitimate Websites
Hacking into legitimate websites and inserting malicious ads is a lot of work. That’s why cybercriminals typically pose as businesspeople to get their malvertising online. This ruse is successful because there are many different ways to get ads on websites (e.g., through advertising agencies, using advertising networks) and there is no standard vetting process. The groups involved in getting ads often do not request much information from the people submitting them. And, while some groups check ads before accepting them, others do not. Even if the ads are checked, hackers find ways around the screenings. For example, sometimes they submit their ads with the malicious code disabled and then enable it after the ad is accepted and put online. Additionally, hackers often remove the malicious code from their ads shortly after they are posted to make it more difficult to detect and track their attacks.
How to Protect Your Business
While the digital ad industry knows about malvertising and is taking steps to mitigate the problem, it will be awhile before these ads are no longer a threat. Thus, you need to proactively protect your business. Here are some of the measures you can take:
We can help you develop a customized strategy to protect your business’s devices from malvertising and other types of cyberattacks. Select from our I.T. Managed Services programs if you’re looking for a continuous support plan or work with us through our I.T. Projects to get your network security strategizing started.
Contact us at: firstname.lastname@example.org, or call us at 1.888.257.8525