Cyphort investigated the practices used by cyber criminals to inject malicious advertisements into legitimate online advertising networks. Researchers found that malvertising campaigns carried out by hackers increased 325 percent in the past year.
How malvertising works
Malvertising campaigns start when cyber criminals launch attacks through deceit or by infecting the ad supply chain including ad networks, ad exchanges and ad servers. Often times, the hackers will put legitimate ads on trustworthy web sites to build up support. They are basically trying to trick the network by appearing to look legitimate.
Once trust is built, the hacker inserts malicious code or spyware behind the ad on a limited basis, just long enough for malware to be launched. Malware is then unknowingly incorporated into web pages through a corrupt or malicious ad. Consumers are the most direct victims as their computers and contained files are infected by simply clicking on a malicious ad or in some cases, by simply going to a site they visit frequently.
Cyber criminals always look for the least point of resistance when attacking networks, making malvertising campaigns an enticing way for them to commit fraud and steal proprietary information from unsuspecting corporations, said Dr. Fengmin Gong, Cyphorts co-founder and chief science officer.
The problem of malvertising isnt going away and cyber criminals will continue finding ways to monetize their attacks. According to the Association of National Advertisers, ad-fraud will cost global advertisers more than $6 billion in 2015.
Cyphort believes this number will continue to skyrocket in the coming years. Much like advertisers, site publishers can be blamed for malvertising attacks. If a user is infected, chances are he or she will have second thoughts about returning to the site.
Combating malvertising attacks
Malvertising attacks will only likely increase throughout 2015 and into 2016. Cyber criminals looking to carry out malvertising attacks look for the point of least resistance such as the hosting sites. From there victims can be targeted by industries, specific interests, geo locations and so on. Todays common network detection tools wont get the job done when it comes to identifying and combating malvertising. It is the responsibility of the web property owners (hosting sites), ad networks and web surfers to secure proprietary information and keep the hackers at bay.
To help the web property owners (hosting sites), ad networks and web surfers combat the growing threat of malvertising campaigns, Cyphort Labs recommends the following steps to implement an effective cybersecurity defense:
1. Advertising networks should use continuous monitoring that utilize automated systems for repeated checking for malicious ads.
2. Scans should occur early and scan often, picking up changes in the complete advertising chains instead of just ad creatives.
3. Ad networks should leverage the latest security intelligence to power their monitoring systems to stay up to date with global threats.
4. Individuals should avoid blind surfing to reduce their exposure to drive-by infection. Keeping your computer system and security software patched in timely manner will go a long way in protecting you when you do have to venture into the dark night.
Dr. Gong added, Consumers will continue to be the most direct victims of malvertising campaigns, as their computers can be infected when they simply click unsuspectingly on a malicious ad or, in some cases, by simply going to a site they visit frequently. Hopefully consumers will keep their devices updated with the latest security patches available to download.