Malvertising – the planting of malicious code in online adverts – is increasingly becoming a problem as it emanates from trusted and reputable websites.
Of the many threats plaguing the security industry today, malvertising, or the planting of malicious code in online adverts, is difficult for Web users to get their heads around. No one thinks for a second that visiting a trusted and reputable website could result in a malware infection.
Lutz Blaeser, managing director of Intact Software distribution, says this is the reason it is so effective. “Threat actors are exploiting web users’ inherent trust of the websites they regularly visit, to infect them via third-party advertising, innocently displayed on these pages,” Blaeser says.
Combating malvertising, says Blaeser, is “tricky” as it requires the involvement of different stakeholders. “This would include those operating the websites, the advertising networks, end users, and businesses who wish to avoid being the next victim of a damaging security incident,” he says.
Understanding malvertising requires knowing what makes this attack vector so appealing to cyber criminals. “First and foremost, the rules that apply to most internet safety advice do not apply where malvertising is concerned. We have been taught to avoid dodgy websites to remain safe, but malvertising takes advantage of reputable, legitimate websites. This is largely due to the fact that popular, busy sites outsource much of their advertising content to an enormous assortment of third-party advertising networks, well-known ones such as Google, as well as a number of unknown and startup ones.”
Visiting a web page connects users to a number of sites over and above the intended one due to pop-ups and videos, as well as other undesirable interactions, says Blaeser. The vast majority of us would never knowingly download this code if prompted by a specific site, he explains, but for ease of use, this happens automatically when we surf the web.
“Malvertising almost always exploits the fact that the website is known and trusted, before infecting the users that unwittingly visit it. The fact that users are so unaware of this technique is what makes it so popular in the first place. Secondly, malvertisers find the anonymity of online advertising a huge drawcard,” he says. “It is nearly impossible to trace these attacks, as the site that served the malicious ads cannot pinpoint their exact origin. This is because site operators, for the most part, are not aware that they are serving up malware to their readers.”
The problem is compounded by how often ad networks rotate their content, and by the fact that anyone can buy an online ad with stolen or fraudulent credit cards and other information. It is virtually impossible to track who actually placed the order for a malicious advertisement.
“Ad networks let buyers configure their adverts according to location, keywords and other identifiers. This adds enormous value for cyber criminals, as they can target their malfeasance accordingly,” says Blaeser. “Much in the same way as phishing, highly tuned nuances in advertising can almost guarantee that a certain type of individual will click on them.”
Online advertising is a monster that involves too many people to track and too many websites. “Attackers enjoy a safe route to their targets, all while being able to cast their nets far and wide. Cyber criminals are ruthless and efficient. They go for the low hanging fruit and are not interested in investing unnecessary time and effort. It is impossible for security businesses to pre-empt and stop these attacks, as they cannot blacklist every trusted site that might contain malvertising.”