Malvertising: Hacking You Softly
Cyber Security: Awareness and Protection
“Malvertising”—online advertising that contains hidden malware—has been on the rise over the past year and a half. In August, Yahoo! said that it had been theannounced they were the victim of a massive malvertising attack;, one that could’ have affected its 6.9 billion monthly visits. Stories like this are poised expected to become even more prevalent, and recent studies show just how serious this threat has become.
One study, released by security company RiskIQ, found that the number of malvertisements in 2015 had jumped 260 percent compared to the same period in 2014. Another study, from security firm Bromium, found that more than 58 percent of malvertisements were delivered through news and entertainment websites, including trusted sites like www.cbsnews.com, www.nbcsports.com and www.weather.com.
One of the reasons malvertising has flourished is because it uses legitimate websites to deliver its malware. Cyber criminals spend money to place legitimate ads, either through agencies or by approaching websites directly. Under the cover of that legitimate transaction, cyber criminals then plant their malware in the ad’s code, either in the form of an exploit kit which runs undetected, or as a prompt for a fake software update that requires end user consent to execute its malicious code.
Experts recommend taking these actions to protect yourself your company from malvertising.
- Install security patches. There’s no easier target than a known vulnerability; deny criminals that opportunity by updating web browsers and plug-ins with the latest security patches.
- Enable click-to-run. Malicious ads can’t run their exploit kits if Flash isn’t allowed to automatically play ads.
- Invest in anti-virus software. Quality, up-to-date anti-virus software can’t stop malvertising, but it can identify exploit kits and should be able to prevent most malware from installing.
- Consider ad-blocking plug-ins. This is a powerful solution, but it has a downside. Ad-blocking plug-ins block all advertising content, which provides wide-ranging protection; however, it might prevent the sites you visit from collecting ad revenue from legitimate advertisements.
Experts warn that none of these protections are absolute, and since most companies can’t avoid using the Internet, it’s important to make sure you’re covered in the event of a data breach. For more information on combating cyber threats, liability, check out webinar recordings part 1 and part 2 of our Cyber & Privacy Liability Series. Contact Assurance Agency, Ltd. to discuss your risks and find appropriate solutions.
- Cyber & Privacy Liability Webinar: Part 1
- Cyber & Privacy Liability Webinar: Part 2
- Educating Employees on Cyber Security
- Big Data = Big Responsibility
- It’s Not About the Money: Sony’s Cyber Attack
- 10 Tips for Buying Cyber Insurance
- Cyber Liability E-Book