Malvertising: Cyber Crime Hits Online Advertising [Blog Post]
August 2, 2016 - By: SC&H Group
In the following blog post, SC&H Group’s IT Advisory Services team offers insights into how to protect your network from malvertising, a new threat that uses online advertising to distribute malware with little to no user interaction required.
When most people read the news or do research on well-respected sites, there is often no fear that one click on a banner ad could launch a vicious attack.
However, cyber criminals have created a way to launch malware or ransomware on any system through malvertising, or malicious advertising scams – and the threat is growing in seriousness.
In March, the BBC, Newsweek, The New York Times, and MSN inadvertently ran malicious online advertisements. Instigated by cyber attackers, harmful ads were uploaded to online advertising companies and then distributed to top-tier publishers.
With monthly traffic for these news sites being in the millions, the vastness of this type of threat can be astounding. Malvertising scams can also easily compromise corporate networks where many employees visit mainstream news sites for research and other information.
The reality: it is nearly impossible to avoid malvertising. However, Malwarebytes offers these tips to help reduce the chances of an attack to your network:
- Educate Your Employees on Safe Browsing: Keep your employees up-to-date on the latest threats, and provide weekly updates on what news sites are the most vulnerable. Most important, make sure your team does not click on any banner ads.
- Enhance Network Security: As malvertising is simply a vehicle for finding security flaws hiding elsewhere in your system, keep your software patched, update your operating system, run the latest browsers, and remove any software (especially Flash or Java) that you don’t use or need.
- Use an Ad Blocker: Ad blockers can filter out a lot of the malvertising noise, stopping dynamic scripts from loading dangerous content. However, many of the most reputable news sites rely on advertising for revenue, so they ask users to disable ad blockers in order to access content.
- Enable Click-To-Play Plugin: Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). A good bulk of malvertising relies on exploiting these plugins, so enabling this feature in your browser settings will offer excellent protection.
- Run an Effective Anti-Exploit Program: A solid anti-exploit program can shield browser, OS, and software vulnerabilities, potentially catching any threats that make it through your network defenses.
As always, the SC&H Group IT Advisory Services team is advocating for you to remain alert, be aware of all suspicious web activity, and consider the above tips to prevent a potential malvertising attack.
Interested in strengthening your IT security, and learning more about how to protect your network in the face of these rising threats? Please contact Jeff Bathurst, Director of SC&H Group’s IT Advisory Services practice here.