Malvertising Proliferates As Half Of Online Ads Are Now AI Generated

Uploaded on 2023-07-10 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Independent research conducted by CensusWide for Menlo Security, a leader in cloud security, has revealed that one in three UK consumers believe that over half of all advertisements on websites or social media sites are generated by AI (Artificial Intelligence).

Menlo Security is warning of an increase in ‘malvertising’, a form of highly evasive threat where malware is embedded into online or social media ads, due to the rise in convincing fake ads created by AI tools like ChatGPT and image generators, like Midjourney and DALLE.

The research also highlights that many are unaware of the risks of clicking on fake, and therefore potentially malicious, advertisements.

The vast majority (70%) of respondents don’t know they can be infected with malware by clicking on a brand logo despite an increase in impersonated brands like Microsoft and Google.

Around half (48%) are unaware they can be infected via a social media ad and 40% don’t know they can be infected by clicking on pop-ups and banners.

By comparison, almost three-quarters (73%) understand they can be infected by malware hidden in an email link.

In the study, 70% of consumers say they click on advertisements on the internet ‘to some extent’; this is despite AI-generated ads making it more difficult to identify them as malicious.

As people visit sites with infected ads, they may unknowingly download malware onto their device. On average, one in 100 online ads are malicious but Menlo Security warns that this could rise as more AI tools and software become available and easy to use.

Almost a third (31%) of all respondents are not confident in their ability to recognise and avoid malvertising threats. This rises to 40% in women and 41% of over-55s.

Consumer Trust Varies According To The Nature Of The Site.

Social networking sites such as Facebook and Instagram are seen as more trustworthy, with one in five people trusting these sites not to have malvertising, while Twitter is less so (with only 14% trusting it not to have malvertising). This trust increases slightly for sites such as Amazon (28%) and Google (25%).

AI security spokesperson at Menlo Security, Tom McVey commented “The growing prevalence of AI generated content online will only fuel highly evasive threats such as malvertising. AI used maliciously can not only generate convincing text, it can also generate images which can be made to appear like popular brands or logos... Our research has found that you’re only 3-7 clicks away from malware online. When users click a false link, cyber criminals can inject their malware onto the victim’s device, most commonly for financial gain."

With malware-as-a-service and AI generated text and images easily accessible, even attackers with little or no skills can create convincing ads and Menlo are expecting a big increase in malvertising as a result.

The research found that the top three brands impersonated by malicious threat actors over the last 90 days, to steal personal and confidential data, were Microsoft, Facebook, and Amazon - demonstrating that even the most credible websites are not immune to malvertising.

Menlo Offer These Tips To Avoid Becoming A Victim Of Malvertising

Carefully check URLs (website addresses) before clicking: Hover your mouse over the advert until the URL appears and check it properly to see if it’s what you’d expect. Threat actors can often use convincing domain names by replacing certain characters to trick the eye.

For example, a lower case ‘l’ can sometimes look like an ‘i’ in ‘Microsoft’. However, whilst they can make use of clever tricks to make a website address look similar, they won’t be able to use the actual domain name of the site you think you’re clicking on, so checking carefully is one of the best ways to tell.

Look at the brand logo used to see if it looks genuine. Often when a logo is copied, it can appear stretched, squashed or pixilated, or if the background colour looks strange to you, for example a Microsoft logo on a black background, this could be a sign that it’s not legitimate; companies often have strict branding guidelines that malvertising attackers won’t necessarily follow.

Consider what the advert is asking you to do. Legitimate brands often place adverts to measure the number of impressions made i.e., how many people have viewed the advert. Malvertising campaigns do not care about impressions, instead they will usually have a call to action asking you to ‘click here’ or ‘buy now’. These types of ads should be treated with caution.

Take a cautious approach to adverts, no matter the credibility of the website. Whilst credible news sites, such as the BBC, may have a higher vetting process for the adverts they publish than less well-known sites, they are not immune to malvertising. The same rules apply in taking a cautious attitude to clicking on ads.

Beware of redirections. If you do click on an advert and it takes you through to the site you expected, be aware that the more ads you click on the higher chance you have of encountering malware. Each ad click will likely bring you to a website with less stringent vetting procedures than the last; highly credible websites don’t need to place banner ads to get you to visit.

Melo's research has found that you’re only 3-7 clicks away from malware online. When users click a false link, cyber criminals can inject their malware onto the victim’s device, most commonly for financial gain.

You Might Also Read:

Digital Advertising Fraud Will Cost $68 Billion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.