This article increases awareness for organizations and individuals seeking to enhance their digital security posture against malvertising (“malicious advertising”). Malvertising is increasingly being deployed by threat actors to spread malware, including ransomware and scams, and redirect users from legitimate websites to phishing and exploit kit–hosting sites.
The threat from malvertising is increasing, however, there are opportunities for organizations and individuals to mitigate their digital risk.
Malvertising—injecting malware-laden advertisements into legitimate online advertising networks and webpages—sharply increased last year (by 132%), according to RiskIQ’s annual malvertising report released on 31 Jan 2017. Since its identification in 2007, malvertising has demonstrated an evolution in obfuscation techniques and threat actors have repeatedly successfully targeted high-profile entities. Key trends:
- Malvertising has proven to be stealthy. Notable Examples: In December 2016, ESET researchers identified the ‘Stegano’ campaign (which dates back to 2014). Stegano hid part of its malicious code in the pixels displaying banner ads on multiple reputable news sites, each with millions of daily visitors. In April 2016, Proofpoint and TrendMicro researchers discovered that the ‘AdGholas’ campaign had likely infected thousands of victims on a consistent basis for more than a year.
- High-profile websites are not immune to malvertising. Major sites including the New York Times, the BBC, the London Stock Exchange, Google, Facebook, and AOL, have been impacted by malvertising. The ‘AdGholas’ campaign directed more than a million high-profile website users to a website hosting an exploit kit.
- Organizations and individual users have opportunities to mitigate their malvertising threat risk. For example, RiskIQ’s advanced web crawling infrastructure provides an innovative approach for protecting against malvertisements by generating an up-to-date, proprietary blacklist of malicious ads for websites and mobile applications for digital advertisers and publishers to review to decrease digital risk to their ad infrastructure. Individual users can install an antivirus program; uninstall underutilized browser plug-ins or set them to click-and-play; and keep browsers, plug-ins and operating systems up-to-date.
Our view: Increasing your awareness of the threat is always a good first step, but don’t stop there. Leverage automated knowledge of adversary infrastructure via RiskIQ to operationalize your defenses against this risk. Your incident response team or external cybersecurity providers can benefit from this operational data. There are other defensive moves you can take. Ad blockers also provide a layer of security; however, their potential impact to the traditional digital media marketing infrastructure is unknown at this time. New Endpoint Protection Platforms (EPP) can help mitigate this threat by prevention and, when infections do get in, containment. We also recommend external verification and validation of your security policies and procedures to raise your defenses.
- Empower Your Workforce to Play Insider Threat Defense - December 4, 2017
- 3 Ways to Mitigate Insider Threat Risk Prior to an Employee’s Departure - November 7, 2017
- Digital Risk of Data Increases When Employees Leave - March 29, 2017