Malvertising increasing on social media, trade and news platforms
Malicious advertising, or malvertising, is increasing and typically targets the suppliers of social media, and trade and news platform sites rather than the actual sites to remain hidden and install malicious software on devices using exploits.
Leveraging an attack through a supplier is often easier than a direct attack on the intended victim, and cybersecurity multi- national Check Point believes that the malver- tising trend will continue to impact on major sites and users worldwide.
To mitigate malvertising, advertisement servers must enhance their security measures and ensure the content they supply is legitimate, says Check Point South Africa country manager Doros Hadjizenonos.
When a person visits an infected site, an exploit kit is activated, which checks to see if the machine is vulnerable to one or more of the exploits it contains. If so, it leverages the vulnerability to install malicious software, or malware, on the user’s device.
“Since this is a common threat, most web- sites harden their systems to protect themselves and their visitors from infection. How- ever, hackers can avoid the need to infect a well-guarded website by infecting the servers that supply advertisements to them instead,” he explains.
Malvertising is not a new form of an attack, but it has become headline news after several recent occurrences.
A large malvertising campaign targeting Baidu’s advertising plat- form, which started in October 2015, was exposed in March. Its evasive and elaborate nature enabled it to remain undetected and impact countless users in China for more than four months.
Visitors to the sites of the BBC and the New York Times were also affected by a malvertising campaign. They were targeted by a ransomware variant, similar to the Cryptolocker attack, which was served by the Angler exploit kit.
“The attackers did not stop after the campaign was finally exposed, they simply changed tactics to target videos to use as their malver- tising platform instead of infecting users through Web banners,” Hadjizenonos adds.
The campaign also targeted the Fox News website, among others.
Another recent malver- 0tising campaign targeted Australian users with an even more complex attack flow. Cybercriminals infiltrated a law firm’s website, created fake advertisements containing the firm’s logo and then published them on the Gumtree website, a subsidiary of eBay, which receives 48-million visitors a month.
The attackers were able to stay hidden by altering the supplied adverts, switching between benign and malicious ones, and making it more difficult for security vendors to identify them, he highlights.
“Education and awareness about these threats are not enough to stay protected and even standard security measures are only capable of preventing known threats; they are not capable of countering the advanced, continuously evolving tactics of today’s cybercriminals.”
Organisations must improve their threat-prevention strategies and protect themselves not only against known threats but also against unknown malware and zero-day threats, like malvertising, concludes Hadjizenonos.
Comments
Press Office
Announcements
What's On
Subscribe to improve your user experience...
Option 1 (equivalent of R125 a month):
Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format
Option 2 (equivalent of R375 a month):
All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors
including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.
Already a subscriber?
Forgotten your password?
Receive weekly copy of Creamer Media's Engineering News & Mining Weekly magazine (print copy for those in South Africa and e-magazine for those outside of South Africa)
➕
Recieve daily email newsletters
➕
Access to full search results
➕
Access archive of magazine back copies
➕
Access to Projects in Progress
➕
Access to ONE Research Report of your choice in PDF format
RESEARCH CHANNEL AFRICA
R4500 (equivalent of R375 a month)
SUBSCRIBEAll benefits from Option 1
➕
Access to Creamer Media's Research Channel Africa for ALL Research Reports on various industrial and mining sectors, in PDF format, including on:
Electricity
➕
Water
➕
Energy Transition
➕
Hydrogen
➕
Roads, Rail and Ports
➕
Coal
➕
Gold
➕
Platinum
➕
Battery Metals
➕
etc.
Receive all benefits from Option 1 or Option 2 delivered to numerous people at your company
➕
Multiple User names and Passwords for simultaneous log-ins
➕
Intranet integration access to all in your organisation