Malvertising Proliferates As Half Of Online Ads Are Now AI Generated 

Independent research conducted by CensusWide for Menlo Security, a leader in cloud security, has revealed that one in three UK consumers believe that over half of all advertisements on websites or social media sites are generated by AI (Artificial Intelligence).

Menlo Security is warning of an increase in ‘malvertising’, a form of highly evasive threat where malware is embedded into online or social media ads, due to the rise in convincing fake ads created by AI tools like ChatGPT and image generators, like Midjourney and DALLE. 

The research also highlights that many are unaware of the risks of clicking on fake, and therefore potentially malicious, advertisements.

  • The vast majority (70%) of respondents don’t know they can be infected with malware by clicking on a brand logo despite an increase in impersonated brands like Microsoft and Google. 
  • Around half (48%) are unaware they can be infected via a social media ad and 40% don’t know they can be infected by clicking on pop-ups and banners.
  • By comparison, almost three-quarters (73%) understand they can be infected by malware hidden in an email link. 

In the study, 70% of consumers say they click on advertisements on the internet ‘to some extent’; this is despite AI-generated ads making it more difficult to identify them as malicious. 

As people visit sites with infected ads, they may unknowingly download malware onto their device.  On average, one in 100 online ads are malicious but Menlo Security warns that this could rise as more AI tools and software become available and easy to use.

Almost a third (31%) of all respondents are not confident in their ability to recognise and avoid malvertising threats. This rises to 40% in women and 41% of over-55s.

Consumer Trust Varies According To The Nature Of The Site. 

Social networking sites such as Facebook and Instagram are seen as more trustworthy, with one in five people trusting these sites not to have malvertising, while Twitter is less so (with only 14% trusting it not to have malvertising). This trust increases slightly for sites such as Amazon (28%) and Google (25%). 

 AI security spokesperson at Menlo Security, Tom McVey commented “The growing prevalence of AI generated content online will only fuel highly evasive threats such as malvertising. AI used maliciously can not only generate convincing text, it can also generate images which can be made to appear like popular brands or logos... Our research has found that you’re only 3-7 clicks away from malware online. When users click a false link, cyber criminals can inject their malware onto the victim’s device, most commonly for financial gain."

With malware-as-a-service and AI generated text and images easily accessible, even attackers with little or no skills can create convincing ads and Menlo are expecting a big increase in malvertising as a result.

The research found that the top three brands impersonated by malicious threat actors over the last 90 days, to steal personal and confidential data, were Microsoft, Facebook, and Amazon - demonstrating that even the most credible websites are not immune to malvertising.

Menlo Offer These Tips To Avoid Becoming A Victim Of Malvertising

  • Carefully check URLs (website addresses) before clicking: Hover your mouse over the advert until the URL appears and check it properly to see if it’s what you’d expect. Threat actors can often use convincing domain names by replacing certain characters to trick the eye. 

For example, a lower case ‘l’ can sometimes look like an ‘i’ in ‘Microsoft’. However, whilst they can make use of clever tricks to make a website address look similar, they won’t be able to use the actual domain name of the site you think you’re clicking on, so checking carefully is one of the best ways to tell.

  • Look at the brand logo used to see if it looks genuine. Often when a logo is copied, it can appear stretched, squashed or pixilated, or if the background colour looks strange to you, for example a Microsoft logo on a black background, this could be a sign that it’s not legitimate; companies often have strict branding guidelines that malvertising attackers won’t necessarily follow.
  •  Consider what the advert is asking you to do. Legitimate brands often place adverts to measure the number of impressions made i.e., how many people have viewed the advert. Malvertising campaigns do not care about impressions, instead they will usually have a call to action asking you to ‘click here’ or ‘buy now’. These types of ads should be treated with caution.
  • Take a cautious approach to adverts, no matter the credibility of the website. Whilst credible news sites, such as the BBC, may have a higher vetting process for the adverts they publish than less well-known sites, they are not immune to malvertising. The same rules apply in taking a cautious attitude to clicking on ads.
  • Beware of redirections. If you do click on an advert and it takes you through to the site you expected, be aware that the more ads you click on the higher chance you have of encountering malware. Each ad click will likely bring you to a website with less stringent vetting procedures than the last; highly credible websites don’t need to place banner ads to get you to visit.

Melo's research has found that you’re only 3-7 clicks away from malware online. When users click a false link, cyber criminals can inject their malware onto the victim’s device, most commonly for financial gain.

You Might Also Read: 

Digital Advertising Fraud Will Cost $68 Billion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Discovered - High Risk Vulnerabilities Affecting A Leading Building Management System
Can AI Help Reduce The Cybersecurity Workforce Gap? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

Digital Guardian

Digital Guardian

Digital Guardian is a next generation data protection platform designed to stop data theft.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

ZEBOX

ZEBOX

ZEBOX is an international incubator & accelerator of innovative startups. Focus is on Transport/Logistics and Industry X.0 including technologies such as AI, Blockchain and Cybersecurity.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Orchestra Group

Orchestra Group

Orchestra Group offer a unique integrated cybersecurity defense platform with proactive security policy management and enforcement orchestration.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Appurity

Appurity

Appurity specialises in mobile and application security, delivering comprehensive solutions across all verticals.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

Dev Information Technology (Dev IT)

Dev Information Technology (Dev IT)

Dev IT delivers digital transformation and end-to-end information technology services.