Malvertising Proliferates As Half Of Online Ads Are Now AI Generated 

Independent research conducted by CensusWide for Menlo Security, a leader in cloud security, has revealed that one in three UK consumers believe that over half of all advertisements on websites or social media sites are generated by AI (Artificial Intelligence).

Menlo Security is warning of an increase in ‘malvertising’, a form of highly evasive threat where malware is embedded into online or social media ads, due to the rise in convincing fake ads created by AI tools like ChatGPT and image generators, like Midjourney and DALLE. 

The research also highlights that many are unaware of the risks of clicking on fake, and therefore potentially malicious, advertisements.

  • The vast majority (70%) of respondents don’t know they can be infected with malware by clicking on a brand logo despite an increase in impersonated brands like Microsoft and Google. 
  • Around half (48%) are unaware they can be infected via a social media ad and 40% don’t know they can be infected by clicking on pop-ups and banners.
  • By comparison, almost three-quarters (73%) understand they can be infected by malware hidden in an email link. 

In the study, 70% of consumers say they click on advertisements on the internet ‘to some extent’; this is despite AI-generated ads making it more difficult to identify them as malicious. 

As people visit sites with infected ads, they may unknowingly download malware onto their device.  On average, one in 100 online ads are malicious but Menlo Security warns that this could rise as more AI tools and software become available and easy to use.

Almost a third (31%) of all respondents are not confident in their ability to recognise and avoid malvertising threats. This rises to 40% in women and 41% of over-55s.

Consumer Trust Varies According To The Nature Of The Site. 

Social networking sites such as Facebook and Instagram are seen as more trustworthy, with one in five people trusting these sites not to have malvertising, while Twitter is less so (with only 14% trusting it not to have malvertising). This trust increases slightly for sites such as Amazon (28%) and Google (25%). 

 AI security spokesperson at Menlo Security, Tom McVey commented “The growing prevalence of AI generated content online will only fuel highly evasive threats such as malvertising. AI used maliciously can not only generate convincing text, it can also generate images which can be made to appear like popular brands or logos... Our research has found that you’re only 3-7 clicks away from malware online. When users click a false link, cyber criminals can inject their malware onto the victim’s device, most commonly for financial gain."

With malware-as-a-service and AI generated text and images easily accessible, even attackers with little or no skills can create convincing ads and Menlo are expecting a big increase in malvertising as a result.

The research found that the top three brands impersonated by malicious threat actors over the last 90 days, to steal personal and confidential data, were Microsoft, Facebook, and Amazon - demonstrating that even the most credible websites are not immune to malvertising.

Menlo Offer These Tips To Avoid Becoming A Victim Of Malvertising

  • Carefully check URLs (website addresses) before clicking: Hover your mouse over the advert until the URL appears and check it properly to see if it’s what you’d expect. Threat actors can often use convincing domain names by replacing certain characters to trick the eye. 

For example, a lower case ‘l’ can sometimes look like an ‘i’ in ‘Microsoft’. However, whilst they can make use of clever tricks to make a website address look similar, they won’t be able to use the actual domain name of the site you think you’re clicking on, so checking carefully is one of the best ways to tell.

  • Look at the brand logo used to see if it looks genuine. Often when a logo is copied, it can appear stretched, squashed or pixilated, or if the background colour looks strange to you, for example a Microsoft logo on a black background, this could be a sign that it’s not legitimate; companies often have strict branding guidelines that malvertising attackers won’t necessarily follow.
  •  Consider what the advert is asking you to do. Legitimate brands often place adverts to measure the number of impressions made i.e., how many people have viewed the advert. Malvertising campaigns do not care about impressions, instead they will usually have a call to action asking you to ‘click here’ or ‘buy now’. These types of ads should be treated with caution.
  • Take a cautious approach to adverts, no matter the credibility of the website. Whilst credible news sites, such as the BBC, may have a higher vetting process for the adverts they publish than less well-known sites, they are not immune to malvertising. The same rules apply in taking a cautious attitude to clicking on ads.
  • Beware of redirections. If you do click on an advert and it takes you through to the site you expected, be aware that the more ads you click on the higher chance you have of encountering malware. Each ad click will likely bring you to a website with less stringent vetting procedures than the last; highly credible websites don’t need to place banner ads to get you to visit.

Melo's research has found that you’re only 3-7 clicks away from malware online. When users click a false link, cyber criminals can inject their malware onto the victim’s device, most commonly for financial gain.

You Might Also Read: 

Digital Advertising Fraud Will Cost $68 Billion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Discovered - High Risk Vulnerabilities Affecting A Leading Building Management System
Can AI Help Reduce The Cybersecurity Workforce Gap? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NuHarbor Security

NuHarbor Security

NuHarbor is a leading information security consulting and advisory firm specializing in Information Security, Compliance, and Risk Management.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

NetExtend

NetExtend

NetExtend services include backup and recovery, endpoint protection, network monitoring, cloud portal and billing and payment solutions.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Morphus Information Security

Morphus Information Security

Morphus is an information security company providing Red Team, Blue Team and GRC services as well as conducting research in cybersecurity and threat analysis.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

Symantec

Symantec

Symantec delivers data-centric hybrid security for the largest, most complex organizations in the world – on devices, in private data centers, and in the cloud.

Early Birds

Early Birds

Early Birds is a Business to Business (B2B) marketplace for Innovators (Startups/Scaleups) and Early Adopters to exchange value early on.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

NASK SA

NASK SA

NASK SA is an integrator of telecommunications services. We provide advanced ICT security services, collocation and hosting, data centre services, and build corporate networks.

Bright Pixel Capital

Bright Pixel Capital

Bright Pixel Capital is a venture capital company with a focus on Cybersecurity, Retail Technologies, Digital Infrastructure and Emerging Technologies.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.