Malicious advertising, or malvertising, is increasing and typically targets the suppliers of social media, and trade and news platform sites rather than the actual sites to remain hidden and install malicious software on devices using exploits.

Leveraging an attack through a supplier is often easier than a direct attack on the intended victim, and cybersecurity multi- national Check Point believes that the malver- tising trend will continue to impact on major sites and users worldwide.

To mitigate malvertising, advertisement servers must enhance their security measures and ensure the content they supply is legitimate, says Check Point South Africa country manager Doros Hadjizenonos.

When a person visits an infected site, an exploit kit is activated, which checks to see if the machine is vulnerable to one or more of the exploits it contains. If so, it leverages the vulnerability to install malicious software, or malware, on the user’s device.

“Since this is a common threat, most web- sites harden their systems to protect themselves and their visitors from infection. How- ever, hackers can avoid the need to infect a well-guarded website by infecting the servers that supply advertisements to them instead,” he explains.

Malvertising is not a new form of an attack, but it has become headline news after several recent occurrences.

A large malvertising campaign targeting Baidu’s advertising plat- form, which started in October 2015, was exposed in March. Its evasive and elaborate nature enabled it to remain undetected and impact countless users in China for more than four months.

Visitors to the sites of the BBC and the New York Times were also affected by a malvertising campaign. They were targeted by a ransomware variant, similar to the Cryptolocker attack, which was served by the Angler exploit kit.

“The attackers did not stop after the campaign was finally exposed, they simply changed tactics to target videos to use as their malver- tising platform instead of infecting users through Web banners,” Hadjizenonos adds.

The campaign also targeted the Fox News website, among others.

Another recent malver- 0tising campaign targeted Australian users with an even more complex attack flow. Cybercriminals infiltrated a law firm’s website, created fake advertisements containing the firm’s logo and then published them on the Gumtree website, a subsidiary of eBay, which receives 48-million visitors a month.

The attackers were able to stay hidden by altering the supplied adverts, switching between benign and malicious ones, and making it more difficult for security vendors to identify them, he highlights.

“Education and awareness about these threats are not enough to stay protected and even standard security measures are only capable of preventing known threats; they are not capable of countering the advanced, continuously evolving tactics of today’s cybercriminals.”

Organisations must improve their threat-prevention strategies and protect themselves not only against known threats but also against unknown malware and zero-day threats, like malvertising, concludes Hadjizenonos.