Malvertising Targets Your Online Users

Uploaded on 2017-04-21 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Before clicking an online ad, make sure your users think twice. Malicious advertising, more commonly known as Malvertising, has been popping up everywhere.

Some of the most popular websites, such as Huffington Post, eBay, Forbes and Yahoo, at one point or another have unwittingly hosted malicious ads.

Malvertising is designed to spread malware when a user clicks on an ad. If a virus, worm, Trojan or some other type of malware like ransomware gets into your network through malicious advertising, it could disrupt your business for hours or days or longer or abscond with your valuable data.

Malvertising is tough to identify. Malware authors hijack legitimate online advertising systems to insert their own malware-filled ads into websites. Anytime malware is hidden inside a legitimate application, it’s much harder to detect.

That explains why Malvertising has become a $1 billion cyber-criminal enterprise. It’s easy to trick users to click, and it doesn’t cost much to create the fake ads. It costs less than $1 per 1,000 targeted users to create a malicious ad.

Clicking on a malicious ad can lead to the types of damage common to malware infections – stolen data, altered files, identity theft and financial loss. In some cases, it can turn your machine into a bot to propagate malware or execute a DDoS (distributed denial of service) attack.

That’s bad enough of course, but Malvertising delivers the added bonus of also hurting advertisers and the publishers they pay to run the ads. As explained by Forbes: “Lost ad dollars starve digital publishers of much-needed revenue and marketers of money intended to drive sales. Both phenomena result in diminished economic output and employment.” Malvertising is responsible for more than $200 million in lost ad revenue.

How Malvertising Works

Malvertising spreads infections in a couple of ways, tricking users into clicking an ad or pop-up warning and drive-by downloads. With ads, users are redirected to a website hosting malicious code instead of the advertiser’s site.

The first with pop-up warnings, for example, a fake alert about a computer infection appears on your screen. The alert contains a link to download the “fix.”

The second Malvertising method requires no work on the user’s part. A machine gets infected through a drive-by download when a user visits a site with malicious ads. Drive-by downloads are imperceptible to the user and install malware that causes disruption or steals valuable information.

Protect Your Business

Because Malvertising disguises itself as legitimate ads or pop-up warnings, it creates a challenge for businesses to prevent users from infecting their machines. But there are steps you can take to minimize the threat.

One obvious step, which applies in all cyber-security situations, is to always update all business systems and software. Outdated applications, plugins and operation systems often have vulnerabilities that cyber-criminals can easily exploit. Be sure to also update your browsers regularly and take advantage of built-in security features such as pop-up blockers and malware protection.

Lastly, you should implement a comprehensive, up-to-date endpoint security solution with built-in behavior analysis. Advanced analysis features can flag suspicious code by looking for traits often found in malware.

As we’ve explored in earlier blogs about exploits, phishing, mobile threats and browser security, small businesses have to secure their businesses on many fronts. Malvertising is one of many cyber threats your business has to contend with.

By taking these security steps, you boost your chances of avoiding a Malvertising hit.

VipreAntivirus:

You Might Also Read: 

Malicious Ads Expose Millions To Hacking:

Brand Reputation Includes Cyber Safety:

 

« Cyber-Workforce Shortage to Increase
Facebook & Google Are Killing Newspapers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Akademie (CAk)

Cyber Akademie (CAk)

Cyber Akademie is a training and education center providing high-quality training and information events on information security and data protection.

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Endian

Endian

Endian’s mission is to provide a secure platform that connects distributed people and things, simplifying the digitalization of businesses.

DeviceAssure

DeviceAssure

DeviceAssure enables organizations to reliably identify counterfeit and non-standard devices with a real-time check on a device's authenticity.

Secure IT Disposals

Secure IT Disposals

Secure IT Disposals specialise in professional Computer Recycling, Computer Disposals, Computer Destruction, Data Erasure and end-of-lifecycle solutions.

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

OWN

OWN

OWN (formerly SEKOIA) is a major French player in cybersecurity providing tailor-made, informed and adapted cyber support thanks to its DNA of passionate and committed experts.

Redhorse

Redhorse

Redhorse provides top-tier consulting to help clients address mission-critical government problems in National Security, Networking Technology, Energy and the Environment.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

FTx Identity

FTx Identity

FTx Identity is the world's most advanced age verification technology (AVT) and identity management system.

DESCERT

DESCERT

DESCERT offers you an extended IT, cyber security, risk advisory & compliance audit team which provides strategic guidance, engineering and audit services.

IT Solutions Consulting

IT Solutions Consulting

IT Solutions is a full-service IT partner providing managed services and other information technology solutions nationwide.

ExactTrak

ExactTrak

ExactTrak provide embedded cyber security solutions for your digital devices – whenever and wherever you need them.

CloudBees

CloudBees

CloudBees is building the world’s first end-to-end automated software delivery system, enabling companies to balance governance and developer freedom.