Malvertising

2024-03-08
Malvertising

In our modern world of ‘digital-everything’ we are constantly surrounded by advertising. Be it on a streaming service (even if you pay for it), social media or simply trying to read an article on your local newspaper’s website, they are everywhere, seamlessly integrated into almost every interaction you have with a screen. These digital adverts are delivered programmatically, using a finely curated profile about you based upon varied and numerous data points. The ubiquity of advertising and the rise of advertising networks has led to a sinister new monster, lurking in the shadowy corners of your screen: malvertising.

A portmanteau of ‘malicious software (malware) advertising’, malvertising represents a new vector of cyber-attack hiding in plain sight. Utilising the injection of malicious code into digital ads fed to victims, often, by legitimate advertising networks, it can be incredibly challenging to detect. When a victim clicks on the advertisement the code can install malicious software onto their computer. Alternatively, it might redirect the victim to another website to attempt a spoofing or social engineering related attack.

Whilst the concept of attempting to get a victim to click on a link to allow malicious action to be carried out is not necessarily ground-breaking (some readers may recall the garish popups that plagued the early internet), this new evolution in technique is a relatively new threat. The ubiquity of advertising can lead to a false sense of security. If a bad actor has managed to access a 3rd party server and injected this malicious code into adverts being served by a legitimate advertising provider they may even appear on legitimate, high-profile websites or services; this exact situation can seem very low risk to a potential victim who may be enticed to click on a legitimate looking advertisement. There have been several incidences of high-profile organisations delivering such malvertising; however, it is important to note that as the ad network itself has been compromised rather than the website itself it can be very challenging for these organisations to identify these risks.

Security researchers have recently published  a recent and high-profile incidence of malvertising: job adverts on Facebook. In short, clicking through these links led to victims having a piece of malware known as a ‘stealer’ installed on their devices, with the aim of collecting log in credentials and other information from the victim’s device and sending it to the bad actors, who could then use it for their own, nefarious purposes (perhaps to directly access and take over accounts, or alternatively to sell the stolen credentials to yet more bad actors).

Due to the nature of how malvertising operates it can be incredibly challenging to detect and avoid, especially for consumers but also for the publishers of the advertisements. It is also challenging for cybersecurity experts to identify these adverts as well, due to the rotating nature of adverts delivered by advertising networks.

With that said, there are some fundamental steps to take that can help reduce the risk if you fall victim to malvertising.

1. Ensure that all of your antivirus tools are turned on and kept up to date. Bad actors do constantly try to utilise the newest exploits and vulnerabilities, so ensuring your antivirus is up to date means it has the best possible chance of catching and quarantining any malicious software installed onto your device.

2. Further to the above, ensure to keep all of your software (and, by extension, any plug-ins and extensions you have installed) up to date as well. Much as before, bad actors can try to exploit vulnerabilities in older software as points of access.

3. If you are redirected to a new website after clicking on an advert, ensure that the website is what you believe it to be. This means taking actions such as checking that the URL is correct, checking that it is using https security protocols (look for the little lock icon in your browser’s URL bar), and checking that the language and content is as you expect it to be.

4. Additionally, always bear in mind that an offer may simply be too good to be true – often a tactic used on spoofed websites to try to extract victim information such as credit card details.

 

 

Resources:
CrowdStrike: Malvertising: https://www.crowdstrike.com/cybersecurity-101/malware/malvertising/

Trustwave https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/FaceBook_Ad_Spreads_Novel_Malware.pdf

 

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

Related news

Ransomware in 2021: a growing global threat
2021-12-14

Ransomware is not a new threat, but in recent years it has grown so exponentially that it has become one of the most prominent global threats, not only in the digital world but in the physical one as well.

Read more
Malicious Browser Extensions
Malicious Browser Extensions
2022-11-18

Browser Extensions can improve the convenience, productivity, and efficiency of browsers; however, they are not always secure as they look and can pose a significant challenge to cybersecurity. As a matter of fact, extensions can be easily downloaded with just one click, typically have full access to the contents of any web page the user loads and can handle sensitive data. This has made extensions a valuable target for threat actors.

Read more
Internet of Things - Safe or Not?
Internet of Things - Safe or Not?
2024-01-26

In recent years IoT technology has considerably transformed our world, connecting everyday objects to the internet and enabling new possibilities. At the same time, this new era of connectivity has exposed us to new security risks, with cybercriminals constantly trying to take advantage of vulnerabilities.

Read more

Contacts

Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!