Introduction
You might be aware of the fact that Malvertising is a type of cybersecurity threat. But did you know that Malvertising can prove to be extremely dangerous?
Malvertising has been making headlines recently after cybersecurity experts discovered the Malvertising Campaign, targeting Internet of Things (IoT) devices connected to home networks. A Malvertising campaign, if successful, could listen to all conversations people have in their own homes!
And while the dangers of Malvertising are only increasing, it has been around for quite a while. Reputable web pages such as The New York Times, The London Stock Exchange, Spotify, and The Atlantic have all fallen prey to Malvertising in the past.
So if such major websites couldn’t protect themselves, individuals without proper knowledge about how to prevent Malvertising don’t stand a chance.
Keep on reading this blog and understand how you can safeguard your information from Malvertising.
How does Malvertising work?
Malvertising is a type of online attack where hackers inject malicious code into legitimate online advertising networks. Malvertising only affects users while they are on the infected webpage and cannot operate continuously on the user’s computer afterward.
There are many tactics that a “malvertiser” can use with the ultimate goal of getting the user to download malware or redirect them to a malicious server.
It can also affect users without them even clicking the Malvertisement (Malware Advertisement) in the following ways:
- Displaying unwanted advertising, malicious content, or pop-ups, beyond the ads legitimately displayed by the ad network by executing Javascript
- Forced redirect of the browser to a malicious site
- A drive-by download, malware, or adware installation on the computer of a user viewing the ad, leverages browser vulnerabilities.
Examples of Malvertising
The earliest known attacks occurred in 2008 and have only been getting fiercer with time. At that time, Adobe Flash fell victim to a Malvertising attack, which even extended to the social media platform MySpace.
Then, in 2009, The New York Times online magazine fell prey to the attack by publishing an ad that enlisted computers into malware-infected computers. Readers were shown ads telling them that their systems were infected. It was done to trick them into installing malicious security software on their computers.
In 2010, Malvertising exploded across the internet. Cybersecurity professionals identified billions of ads that were carrying Malware across 3,500 sites.
In 2011, Spotify fell victim to an early example of a drive-by download malvertising attack.
And again, in 2012, a massive attack hit The Los Angeles Times, infecting users via drive-by download. The strategy served as the prototype for future cyberattacks.
Then in the following year, 2013,Yahoo.com fell prey to a Malvertising attack, which put a significant number of the webpage’s 6.9 billion monthly visitors at the risk of having their information compromised. The attack infected user’s machines with the CryptoWall ransomware.
2014 showed another significant increase in the attacks. Google DoubleClick and Zedo ad networks suffered due to malvertising campaigns. Also, news portals such as Times of Israel and The Jerusalem Post fell into this trap.
In 2015, attacks continued to diversify, using popular websites to display bad ads and drop Malware onto the computers of unsuspecting users. Targeted websites included dating sites, some video streaming sites, Google Adwords, and MSN.com.
Today, Malvertising detections continue to grow further in the absence of adequate cybersecurity protocols in place.
The malvertising industry is getting more sophisticated when it comes to its malware delivery methods.
The beginning of 2019 brought an increasing number of drive-by malicious ads that did not require a user’s click, says Phil Cowger, a researcher at cybersecurity company RiskIQ.
What types of Devices are at Risk
According to Malwarebytes, although Windows has been the main focus of malware attacks for years, a Malvertising campaign focused on a browser or plug-in can just as easily infect a Mac, Chromebook, Android phone, iPhone, or any such devices in a business network.
Cybercriminals primarily target Windows users because the huge Windows user base gives them the best return on investment. But MACs(by Apple) are just as vulnerable to these attacks.
With regards to mobile phones, malvertising can be even more of a threat since people don’t take the same precautions or have the same firewalls on their phones as they do on their computers.
What makes mobile devices even more of a target for malvertising is that they are always on a person and carried from home to work, on weekend outings, often used for shopping, and so on.
Android users are increasingly plagued by Malvertising and online fraud through forced redirects and Trojanized apps—to cite the two most common examples.
Businesses, with their distributed networks full of personal and financial data on all kinds of devices, have recently become big targets for malvertising as well.
According to the October 2018 Malwarebytes Labs Cybercrime Tactics and Techniques Report, businesses saw a 55 percent increase in attacks compared to the previous quarter. At the same time, consumer attacks increased by only four percent quarter over quarter.
How to Avoid Malvertising
One of the most dangerous things about Malvertising is that it often occurs on ad networks that users trust the most.
Avoiding Malvertising requires precautionary steps taken by the users of websites and owners to ensure that the webpage is not infected.
For end-users, the following steps can be taken to avoid Malvertising:
- Antivirus software can protect against some drive-by downloads or malicious code executed by Malvertising.
- Ad blockers offer good protection because they block all ads together with their malicious elements.
- Avoiding the use of Flash and Java can protect users from many vulnerabilities commonly exploited by Malvertising.
- Updating browsers and plugins can prevent many Malvertising attacks, in particular those which operate before the user clicks the ad.
In the case of web pages, companies need to have a proactive approach that is aware of cyber threats and the latest best practices for preventing them. Ongoing employee training is as necessary as having a team of cybersecurity experts on board. And for this, cybersecurity professionals are always in demand.
If you are passionate about protecting information systems and protecting web pages and users alike from Malvertising, you should consider entering the field of cybersecurity yourself. It will also ensure that you have a sustainable and secure job future. And for this, look into Advanced Cybersecurity Program to upskill today!
