Malvertising infected millions of users in 2015
“New research from Malwarebytes has found that malvertising is one of the primary infection vectors used to reach millions of consumers this year.
The analysis looked at the three large scale zero-day attacks affecting Flash Player, and the results have been presented at Infosecurity Europe 2015.
Analysis of one particular zero-day attack instigated using the HanJuan Exploit Kit showed that cybercriminals paid an average of 49p for every 1,000 infected adverts impressions on major websites at highly trafficked times of day. This amount could even drop as low as 4p per infected ad impression on lesser-known websites and during quieter times of day.
Malicious adverts placed on popular websites including The Huffington Post, Answers.com and Daily Motion, which all boast monthly unique users in the millions, are responsible for exposing vast numbers of consumers to zero-day attacks.
Even consumers and businesses running the latest versions of Internet Explorer, Firefox and Flash Player are susceptible to becoming immediately infected when exposed to this type of threat which makes it particularly lucrative for the criminal community. Further, with one zero-day remaining active for almost two months of the analysis period there is scope for exploits to have especially wide-reaching effects.
The nefarious use of the online ad industry is facilitated by real-time bidding as this allows advertisers to bid in real-time for specific targets and weed out non-genuine users or those that should not be targeted by exploits.
Exploit kit authors leverage the most popular software vulnerabilities to build the most effective tools they can and in the past year, we have seen new vulnerabilities being found and weaponised at a much faster rate. This is a game changer because there is a lack of awareness on zero-day threats and most businesses and consumers arent properly equipped to deal with them,” Jerome Segura, senior security researcher, Malwarebytes, explains.
While one could have foreseen Flash zero-days increasing in frequency in 2015, witnessing three major zero-days happening so close to one another is unique. To face this new reality, businesses and consumers must adapt by adopting new tools to safeguard their assets.
This is especially important with the kind of malware that is dropped by exploit kits, and in particular ransomware. Companies can literally be crippled by such malware, lose customers and in some cases put their business in jeopardy.