Many news organizations make a sizable profit by renting out virtual ad space on their websites. They usually rent out ad space to third-party ad networks, such as Google, Yahoo, and Microsoft. However, cybercriminals are now inserting malicious code into online advertising to infect unsuspecting website visitors. Unlike malicious advertising of the past, visitors do not need to click on the ads; they just need to see them. From there, the visitor will discover spyware and/or ransomware on their computer. These types of malware can slow down devices, record keystrokes, and encrypt files.
How do malvertising attacks work?
- Cybercriminals will upload malicious Flash multimedia to an ad network
- The ad network accepts the ad and stores it in its database to serve to viewers later
- Advertisers will bid on the opportunity to serve their ads to a target audience
- The ad network will serve ads to the cybercriminal’s desired audience
- When a user visits the website, the ad will display, and the malicious code will download to their computer
- The code will then search for a backdoor through unpatched software, especially Flash, Java, and Silverlight
- Once the code finds the backdoor, it will install malware onto the device
How can you protect yourself from malvertising attacks?
- Keeping your web browser updated
- Adjust your web browser setting so multimedia ads will not run automatically unless you click on them.
- Use adblocking software, such as Adblock Plus
- Keep browser plugins updated
- Disabling or uninstalling plugins you do not use
- Limiting the number of employee accounts that can install software on their computers
- Installing software that will monitor and protect your web browser from exploit attempts
SwiftTech Solutions can help your staff stay protected against the dangers of web browsing. Contact us by calling 877-794-3811 or emailing info@swifttechsolutions.com for more information about our network security services.
SOURCES
Painter, L. How to stop autoplaying ads, videos and media on web pages: Stop videos auto playing in Chrome, Firefox, Internet Explorer. (2015, August 13). Retrieved from: http://www.pcadvisor.co.uk/how-to/internet/how-stop-autoplaying-ads-videos-media-on-web-pages-chrome-firefox-internet-explorer-3497991/
Hern, A. Major sites including New York Times and BBC hit by ‘ransomware’ malvertising. (2016, March 16). http://www.pcadvisor.co.uk/how-to/internet/how-stop-autoplaying-ads-videos-media-on-web-pages-chrome-firefox-internet-explorer-3497991/
Malwarebytes Labs. What is malvertising? (2015, February 24). Retrieved from: http://www.pcadvisor.co.uk/how-to/internet/how-stop-autoplaying-ads-videos-media-on-web-pages-chrome-firefox-internet-explorer-3497991/
Ducklin, P. Malvertising – why fighting adblockers gets users’ backs up. (2016, January 15) Retrieved from: https://nakedsecurity.sophos.com/2016/01/15/malvertising-why-fighting-adblockers-gets-users-backs-up/
Scharr, J. Malvertising Is Here: How to Protect Yourself. (2014, November 5). Retrieved from: http://www.tomsguide.com/us/malvertising-what-it-is,news-19877.html
O’Kelley, B. Malvertising: Three Things You Need To Know. (2016, January 11). Retrieved from: http://www.forbes.com/sites/valleyvoices/2016/01/11/malvertising-three-things-you-need-to-know/#48cbb1df219b
Miller, J. Malvertising – the new silent killer? (2015, October 21). Retrieved from: http://www.cio.com/article/2995078/malware/malvertising-the-new-silent-killer.html
Hoffman, C. What is Malvertising and How Do You Protect Yourself? (2015, September 1). Retrieved from: http://www.howtogeek.com/227205/what-is-malvertising-and-how-do-you-protect-yourself/
Kashyap, R. Why Malvertising Is Cybercriminals’ Latest Sweet Spot. Retrieved from: http://www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/