Of the myriad threats plaguing the security industry today, malvertising, or the planting of malicious code in online adverts, is difficult for Web users to get their heads around. No one thinks for a second that visiting a trusted and reputable website could result in a malware infection.
so says Lutz Blaeser, MD of Intact Software distribution, adding that this is one reason why malvertising is so effective. “Threat actors are exploiting web users’ inherent trust of the websites they regularly visit, to infect them via third-party advertising, innocently displayed on these pages.”
Malvertising is a difficult issue, and its pervasive nature makes defending against it tricky, requiring a concerted effort with involvement from many different stakeholders. “This would include those operating the websites, the advertising networks, end users, and businesses who wish to avoid being the next victim of a damaging security incident.”
He says to better understand malvertising, knowledge of what makes this attack vector so appealing for cyber criminals is required. “First and foremost, the rules that apply to most internet safety advice do not apply where malvertising is concerned. We have been taught to avoid dodgy websites to remain safe, but malvertising takes advantage of reputable, legitimate websites. This is largely due to the fact that popular, busy sites outsource much of their advertising content to an enormous assortment of third-party advertising networks, well-known ones such as Google, as well as a number of unknown and startup ones.”
As most people know, when you visit a web page, you connect to many sites over and above the intended one, as Web browsers accept pop-ups, videos and some less desirable interactions too. The vast majority of us would never knowingly download this code if prompted by a specific site, he explains, but for ease of use, this happens automatically when we surf the web.
Ultimately, says Blaeser, advertising can influence the reputation of the site on which it is posted. “Malvertising almost always exploits the fact that the website is known and trusted, before infecting the users that unwittingly visit it. The fact that users are so unaware of this technique, is what makes it so popular in the first place. Secondly, malvertisers find the anonymity of online advertising a huge drawcard. It is nearly impossible to trace these attacks, as the site that served the malicious ads cannot pinpoint their exact origin. This is because site operators, for the most part, are not aware that they are serving up malware to their readers.”
In addition, ad networks rotate their content so often, this compounds the problem, as does the fact that anyone can buy an online ad with stolen or fraudulent credit cards, and other information. It is virtually impossible to track who actually placed the order for a malicious advertisement.
Another compelling reason malvertising is so popular with cyber crooks, is that it is highly targeted, and criminals can cherry pick the type of victim they wish to go after. “Ad networks let buyers configure their adverts according to location, keywords and other identifiers. This ads enormous value for cyber criminals, as they can target their malfeasance accordingly. Much in the same way as phishing, highly tuned nuances in advertising can almost guarantee that a certain type of individual will click on them.”
Online advertising is a monster that involves too many people to track and too many websites. “Attackers enjoy a safe route to their targets, all while being able to cast their nets far and wide. Cyber criminals are ruthless and efficient. They go for the low hanging fruit and are not interested in investing unnecessary time and effort. It is impossible for security businesses to pre-empt and stop these attacks, as they cannot blacklist every trusted site that might contain malvertising.”