Most malvertising attacks are hosted on news and entertainment websites

“More than 50 percent of malvertising is unknowingly hosted on news and entertainment websites, according to Bromium.


“Bad actors look to extend their reach as far as possible in the shortest period of time, according to Chris Olson, CEO, The Media Trust. “News and entertainment sites are the worlds most heavily-trafficked sites and therefore ideal targets. However, attack vectors are not limited to ads. Sites predominantly execute third-party-code that renders on the user’s browser. As it is not within the site owners control this third-party code is difficult to monitor for compromise.”

“Malvertising is an elusive problem as the internet delivers a customized user experience based on an individuals online behavior. Further complicating this, a malvertising attack typically only appears for a short period of time. To effectively combat malvertising a company needs to actively review their sites using a variety of OS/browser, geographic and behavior profile combinations to see the malware execute on the user’s browserthats a sizable effort,” Olson concluded.

During the first six months of 2015, Flash experienced eight exploits, an increase of 60 percent since 2014, when there were five exploits. Most active exploit kits are now serving Flash exploits, potentially impacting a large number of Internet users, given the ubiquity of Adobe Flash.

For the last couple years, Internet Explorer was the source of the most exploits, but before that it was Java, and now it is Flash. Security risk is a constant, but it is only the name that changes, said Rahul Kashyap, SVP and chief security architect, Bromium. “Hackers continue to innovate new exploits, new evasion techniques and even new forms of malware recently ransomware preying on the most popular websites and commonly used software.”


In the first six months of 2015, nine new ransomware families emerged: CoinVault, TeslaCrypt, Cryptofortress, PClock, AlphaCrypt, El-Polocker, CoinVault 2.0, Locker and TOX. This is an 80 percent increase from 2014 and represents a significant growth in ransomware since 2013, when there were only two ransomware families: Cryptolocker and Crytowall. Ransomware continues to grow, as cybercriminals realize it is a lucrative form of attack.

Bromium Labs analyzed malware evasion technology and found it is rapidly evolving to bypass even the latest detection techniques deployed by organizations, including antivirus, host intrusion prevention systems (HIPS), honeypots, behavioral analysis, network filters and network intrusion detection systems (NIDS).”